Chapter 1 – The Economics of Cybersecurity: Advantage Attackers
Chapter 2 – Dangerous and Effective: China’s Digital Strategy
Chapter 3 – The Solar Winds of Change: The Threat of Systemic Cyber Risk
Chapter 4 – Outdated and Ineffective: Why Our Current Cybersecurity Programs Fail to Keep Us Safe
Chapter 5 – Reinventing Cybersecurity: A Strategic Partnership Approach
Chapter 6 – The Cybersecurity Policy We Need: Incentivize, Modernize, Economize
Chapter 7 – Health: Cybersecurity as a Core Element of Patient Care
Chapter 8 – Defense: Leveraging the Dual Economies of the Defense Industrial Base
Chapter 9 – Financial Services: Regulation Isn’t Enough
Chapter 10 – Energy: Protecting the Smart Grid
Chapter 11 – Retail: Serving Consumers and Keeping Them Secure
Chapter 12 – Telecommunications: Managing International Risk in a Post-COVID-19 World
Chapter 13 – Information Technology: Defining How to Govern IT
Of all people who log into a retailer’s ecommerce website, 80 to 90 percent of them are hackers who are using stolen personal information. Like many businesses, retail firms are rapidly going through their own digital transformation and becoming increasingly dependent on technology, particularly with the growth of automation and artificial intelligence (AI). Retailers have been so enthused about how digital transformation can enhance their businesses model that many of them have not focused on the negative repercussions that come from it, poor security being one of them. Retailers, operating in an intensely competitive market with low profit margins are driven to provide the customer with a positive experience at the expense of applications for security. Customers in the retail sector are less likely to stop shopping at retail firms when they are made aware of a security breach, further incentivizing retailers to provide lower costs for customers and better customer experience instead of improved cybersecurity. As long as retailers are continuing to see economic gains by applying new technological tools, and, not losing customers even when they’re breached, they will likely continue to be underprepared for the highly probable cyber-attack. If we keep using current methods and regulations, corporations will continue to be hacked and damaged. It is up to the private sector and government to work together and make these solutions become a functionable part of reality. Many retailers’, as small companies (SMEs) access to adequate cybersecurity expertise is scarce even if they had the resources. Some solutions laid out in this chapter include: Measuring the NIST Cybersecurity Framework’s impact and cost-effectiveness; Consolidating definitions and guidelines for protecting personal data through a national data breach bill; and Improving authentication requirements for digital systems.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
| 2500 Wilson Blvd, #245
Arlington, Virginia 22201
ISA provides cybersecurity expert testimony and thought leadership in government and serves as an expert witness to the press.
Andy Kirkland is the Chief Information Security Officer for Starbucks Coffee Company. He has 20 years of experience working in information security and FDA regulatory environments. He holds a bachelor’s degree in business and mathematics from Adrian College.
Alexander T. Green is a staff editor for the Georgetown Journal of Law and Public Policy and is Vice President of the Corporate and Financial Law Organization. He holds a Juris Doctor from Georgetown Law.