Cybersecurity Industry Called a Market Failure

An analysis of in Security Boulevard calls the cybersecurity industry a classic “market failure”, and offers several indicators to buttress that claim. First among them are chronic labor shortages, which are bad and getting worse. A 2019 workforce study found more than four million unfilled positions in cybersecurity, up from about three million the previous year. In-elasticity in the supply of cyber security candidates is one reason for this. Skilled cyber practitioners are likely to require strong computer science, network and infrastructure skills, before qualifying for more specialized training. That process can take years, and acts as a barrier to entry. Another indicator is government intervention in the form of regulations like the GDPR, the Network and Information Systems Directive (NIS) and California’s Consumer Privacy Act (CCPA), signs that the market is failing to provide the level of security consumers desire. The sheer number of data breaches is another indicator. They are increasing. According to the author, either buyers are buying and using the wrong products or those products are not providing a decent return on investment.