There are very few people who don't want a secure online experience. It would be difficult, even under the best of circumstances, to find someone who actually wants credit card information stolen or replaces the siding on the house with copies of a birth certificate. Though by like token, no one wants perfect security, either; in perfect security, the information in question is so secure that no one can access it, not even the people who should. A new report from Radware (News - Alert), meanwhile, illustrates the point nicely: security is a wonderful thing, but sometimes, security can mean more problems than solutions.

The Radware survey showed one major point very well, with 87 percent of respondents to the study saying that, while the respondents knew the regulatory changes being made were necessary to securing the industry's operations as a whole, the new regulatory changes were actually having a negative impact on the business as a whole. Revenue loss was showing up in 58 percent of cases as a result of the changes, and both business disruption and productivity loss played a major role at 57 percent and 54 percent of respondents respectively. Perhaps the most disturbing part of the study was that, for around 40 percent of respondents, the bottom line was being directly impacted regulations.

That's bad enough by itself, but the troubles just carry on. While virtually all respondents claimed familiarity with the new guidelines, there were many who were unaware of certain specific regulations like the Federal Financial Institutions Examination Council (FFIEC)'s recent Joint Statement on DDoS Cyberattacks and Risk Mitigation, which draws some doubt on the concept that, maybe, the institutions in question aren't as familiar with regulations as might be hoped. But a great many changes are going on all the same, with 53 percent citing the introduction of new technologies, 49 percent changing various processes and mandates in current systems, and 47 percent created new models to deal with the changes. 43 percent increased budgets, on average hiking the totals up 14 percent just to address the changes.

Radware's Carl Herberger, who serves as the company's vice president of security solutions, offered up some comment on the matter, saying “Radware conducted this survey to investigate what organizations are doing in response to current regulatory changes that essentially were enacted to safe-proof their networks from future, potentially even more detrimental attacks. While companies are taking the right steps to adjust to the ever-changing regulatory landscape, institutions need to be better informed on the specifics of new laws in order to implement the most cost- and resource-efficient measures.”

This represents well the promise and the problem of regulations in private enterprise. Yes, everyone wants a more secure experience. No one should have to endure credit card fraud or identity theft to buy a book over the Internet. Yet by like token, we must be careful, as a society, of how much burden is placed on financial services firms when it comes to enforcing that security. The problem here is that, should there be too many regulations or the costs of meeting those regulations prove too high, firms will exit the market altogether. That means fewer competitors, fewer choices, and lost opportunities for both firms and users alike.

Security is important. But providing security can be expensive and difficult. Splitting the difference is the only way to keep service as we know it up and running; and the Radware survey shows just how fragile the system actually is, overall.