Failures in the technology market are leading to discussions over the need for legislation to ensure IT suppliers prioritize secure products. The National Cyber Security Centre highlights the market's failure to incentivize the development of cyber-resilient technology, even though the technical ability to build it exists. Security vulnerabilities are increasing, with the market focusing on value and cost over security.

The UK needs to fix its broken IT security market

Suggestions include making software companies liable for insecure products, mirroring the US's approach. However, challenges arise, such as financial constraints and market dynamics. Transparency in software cost, effectiveness measurements, and enforcing liabilities for negligence are proposed long-term solutions. The path to fixing the market could involve a change in legislation, though it might face opposition and could take up to a decade to implement. Academic research aims at providing ways to measure software security. The UK might need to adopt a legislative approach similar to the US to ensure IT suppliers prioritize security in their products.
https://www.computerweekly.com/news/366585735/Why-the-UK-needs-to-fix-its-broken-IT-security-market