City PM
Thursday 16 May 2019 11:32 am  |  Updated:  Wednesday 05 June 2019 8:46 am

Cyber security solutions that are only 95 per cent effective are just not good enough anymore

The cyber security industry is failing businesses. Cyber criminals are constantly evolving and evading the market’s most sophisticated detection-based security solutions, with government figures showing that 32 per cent of UK businesses have faced a cyber attack or data breach in the past year.

Most security solutions take a “best endeavour” approach to defending against threats – offering little more than 95 per cent protection at best.

We wouldn’t satisfy ourselves with a seatbelt that worked 95 per cent of the time, nor a front-door lock that could be opened five times in 100. Yet in a world where data is the new currency and consumers vote with their feet, the cyber security industry appears to expect its customers to introduce that level of risk into their organisation.

I know the issue first-hand. In a previous role, I had to explain to a US Fortune 30 brand why it had suffered multiple breaches over a three-month period, despite being told that it had the best detection capability that money could buy.

In response, one board member simply said, “Dan, this best endeavour approach to detection gives us unquantifiable business risk – that’s unacceptable to our shareholders”.

He was right – it is unacceptable. Yet most companies seem resigned to accepting this risk for their own business and customers.

As it stands, there is very little incentive for the industry to do better. The cyber security market is expected to reach $300bn by 2024, with providers making a lot of money from selling fallible, sub-par solutions.

That’s not because 100 per cent secure solutions are not possible – indeed, we’ve proven that they are. By moving away from the traditional detection-based approach, new and wholly effective attack-prevention systems can be, and are being, created.

But we will only reach the tipping point where businesses reject the mantra that “95 per cent secure is good enough” when they start to feel the repercussions beyond an initial breach. Insurers and government watchdogs must step away from the culture of “best endeavours” and hold businesses accountable when they are breached due to the use of fallible solutions.

There are plenty of examples of this, going back as far as 2015, when a complaint was filed against California healthcare provider Cottage Health System by its cyber insurer, after it was discovered that it hadn’t met the “minimum required practices” when it had been breached.

Insurers and watchdogs must go further and make it clear that they will not pay out when companies have knowingly introduced the unquantifiable risk of sub-par security into their business.

Indeed, only when businesses understand that they are being failed by their security providers, and are being penalised as a result, will there be enough uproar to force the cyber security industry to shift away from improving fallible technology and towards finding novel solutions that truly prevent attacks.

© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland