• Insufficient awareness of the complexity of cybersecurity tech transfer. Tech transfer, while difficult in any field, seems particularly so in the constantly shifting world of cybersecurity. At each stage—from initial research idea, advanced prototype, and early-stage product to widespread adoption—the process can break due to internal factors or sudden shifts in attack methodologies, tools, and strategies. Commercializing security technologies effectively has been, in some cases, largely a matter of chance.
• A scattershot approach to R&D. Governments and businesses around the globe have invested hundreds of millions of dollars in cybersecurity R&D—but only loosely in coordination with one another. Research often was initiated based on a largely reactive model driven by the hot security topic of the day.
• Mismatch between market and threat environment. The market for security technologies targeted at nations' infrastructure is fragmented, narrow, and often heavily regulated. At the same time, the demand for mass market security solutions has become saturated, leading vendors to become very tactical in focus, looking at which innovations would fuel the next business opportunity.