We need a new approach or paradigm shift, that is not radical, but rather one that offers the hope of changing the information security equation. The main root of the issue is that the economics aren’t aligned correctly to ensure accountability and responsibility. The government must take the lead in either providing prescriptive legislation (not more regulations but effective ones) or by encouraging companies in the same industry to form security governance functions. This approach will not be embraced by everyone as many have motivation and economic interests that conflict with maintaining good basic security practices.”]
Source: https://www.csoonline.com/article/2133593/3-reasons-why-america-s-security-model-is-broken.html