Brilliant framing of the NTSB comparison here. The bit about lack of clarity being the actual bottleneck for investment (not just cost pressure) is something most cybrsecurity discourse totally misses. I'd add that the "engineering exercise" framing maybe underplays political economy challanges tho. Getting legal teams to open up on breach data means incentive structures have to flip first, not just technical coordination improving.
thanks Neural - yep, I can imagine myself as a CEO or CFO asking "am I going to be asked every year for a new major investment for cyber?" Which is a reasonable question, esp. if we're only promising incremental improvements. The hesitancy is natural. Oh, and I agree, the political dimension is the prime hurdle, but if I focus on that too much one becomes too cynical.
Brilliant framing of the NTSB comparison here. The bit about lack of clarity being the actual bottleneck for investment (not just cost pressure) is something most cybrsecurity discourse totally misses. I'd add that the "engineering exercise" framing maybe underplays political economy challanges tho. Getting legal teams to open up on breach data means incentive structures have to flip first, not just technical coordination improving.
thanks Neural - yep, I can imagine myself as a CEO or CFO asking "am I going to be asked every year for a new major investment for cyber?" Which is a reasonable question, esp. if we're only promising incremental improvements. The hesitancy is natural. Oh, and I agree, the political dimension is the prime hurdle, but if I focus on that too much one becomes too cynical.