Factors such as heavy lobbying, lurid language and poor analysis are inhibiting government planning for cyber protection, according to a new report on systemic cyber security published by the OECD today.
The study, which was conducted by Peter Sommer of the London School of Economics and Dr Ian Brown of the Oxford Internet Institute, also concludes that it is unlikely there will ever be a pure cyber war fought solely in space that will have as weighty an impact as recent wars fought in Afghanistan and the Middle East.
The study is aimed at governments, global businesses and policy makers. It looks at the nature of global catastrophes, then asks which cyber events might create similar effects.
Sommer argues that the language used in cyber security debate can mask differences in the scale of problems.
"We don't help ourselves by using 'cyberwar' to describe espionage or hacktivist blockading or defacing web sites, as recently seen in reaction to WikiLeaks," he said.
"Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure," he added.
The study says that many cyber risks are real but that testing is required before a potential threat causes real damage.
The best protections are careful system design, the use of products to detect known viruses and system intrusions, and user education. It is also essential to have proper contingency plans for system recovery.
"We think that a largely military approach to cyber security is a mistake," said Brown. "Most targets in the critical national infrastructure of communications, energy, finance, food, government, health, transport, and water are in the private sector.
"Because it is often difficult to be certain who is attacking you from cyberspace, defence by deterrence does not work," he added.
"That said, cyberweaponry in all its forms will play a key role alongside more conventional and psychological attacks by nation states in future warfare."
Robert Chapman, CEO of IT training company Firebrand Training, argues that there is now an increased role for ethical hackers in the war against cyber crime: "We train professional ethical hackers to protect the nation's IT systems.
"It is becoming more apparent that an ethical hacker's job is beyond protecting their company's interests. They are protecting the safety and financial interests of the whole nation.
"The government has clearly indicated that it intends to tackle the very real threat of cyber attacks head-on. A key enabler for this is to introduce more ethical hackers. Surely we'd prefer an ethical hacker to find a vulnerability in our IT systems, before a terrorist does?"