Conclusion

There is widespread recognition among lawyers, management and information system specialists that the creation of a secure network demands more than law or better technology. It is generally recommended that businesses create a security culture starting from top management and sustained by clear and easy-to-implement policies.

Regarding the role of national organisations that help protect networks, one problem stands out. The absence of a legal duty on the part of businesses to report attack diminishes the role of existing authorities (such as CERTs and the police) with the result that such important areas of business as finance and banking may remain more vulnerable than they would otherwise be. The need of accurate data for threat assessment must therefore be met if an improvement is sought in the current lacunae.