EconPapers    
Economics at your fingertips  
 

Cybersecurity needs secure software: How policymakers can hold software vendors accountable - and why they should

Alexandra Paulus

No 21/2026, SWP Comments from Stiftung Wissenschaft und Politik (SWP), German Institute for International and Security Affairs

Abstract: Cybersecurity incidents cause harm - for example, when adversarial states paralyse critical infrastructure or steal sensitive data. Many such incidents are only possible because many software products have known vulnerabilities. Software vendors could fix these, but they have little incentive to invest in the security of their products. To date, cybersecurity policy and protective measures have primarily addressed the symptoms of insecure software, rather than the root cause, namely software insecurity itself. This calls for regulation, specifically in the areas of product safety law, product liability regulations, and cybersecurity requirements for providers of software services. The European Union (EU) has already adopted initial rules, but regulatory gaps remain, and it is unclear whether member states will strictly enforce them. The German government should therefore now advocate for comprehensive European product liability regulations for software, and the Federal Office for Information Security (BSI) should impose fines on companies that violate existing rules.

Keywords: Cybersecurity Policy; insecure software; product safety; product liability; liability law; NIS 2 Directive; zero days; Open Source; OSS; critical infrastructure; CrowdStrike; Mythos Preview; On-Premises; Software as a Service; SaaS; EU Product Liability Directive; Cyber Resilience Act; CRA; Federal Office for Information Security; storage security (search for similar items in EconPapers)
Date: 2026
New Economics Papers: this item is included in nep-law, nep-pay and nep-reg
References: Add references at CitEc
Citations:

Downloads: (external link)
https://www.econstor.eu/bitstream/10419/341652/1/1972880608.pdf (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:zbw:swpcom:341652

DOI: 10.18449/2026C21

Access Statistics for this paper

More papers in SWP Comments from Stiftung Wissenschaft und Politik (SWP), German Institute for International and Security Affairs
Bibliographic data for series maintained by ZBW - Leibniz Information Centre for Economics ().

 
Page updated 2026-07-03
Handle: RePEc:zbw:swpcom:341652