Why we are vulnerable to cyber attacks

The news today has several reports of a recent surge in cyber attacks originating in China. The Times quotes US analysts as saying that the West had no effective response and that EU systems were especially vulnerable because most cyber security efforts were left to member states. US official reports indicate that attacks on Congress and other government agencies have risen exponentially in the past year to an estimated 1.6 billion every month. 
It’s no surprise. Security professionals and government authorities have been fully aware of the risk for decades. The root cause is a widespread failure to implement effective governance, monitoring and education processes. Fifteen years after the publication of BS 7799, most enterprises have yet to implement it effectively. Too many organisations have been bogged down in policy, risk analysis and paperwork rather than implementation, awareness and auditing. Given current progress it’s likely to take another decade to overcome this failing.