Sunday | 23 November, 2008
CIO
Architecting for Chaos
Richard Clarke is fed up with the term "cyberterrorism". And when the man who was America's first counterterrorism czar says he doesn't like an expression because it mixes two very different security threats, CIOs had better listen.
Matt Rodgers 15 February, 2005 09:49:08

A company's appreciation of the need for better information security tends to vary according to its industry vertical. The banking and finance sector, for instance, is widely acknowledged by industry watchers to demonstrate a much greater awareness of the problem than most other sectors. But even in the banking and finance sectors, Clarke says, security-conscious companies have yet to figure out how to translate this knowledge and expertise into benefits that affect the bottom line.

By Clarke's estimates, only about 30 percent of bank customers currently use online banking, even though the cost savings to the bank of having customers go online is enormous. "It can be the difference between costing less than five cents to do a banking transaction online to as much as seven dollars for the bank to conduct the same transaction in person," he says.

You would think that saving several dollars on each transaction would be one heck of an incentive for banks to get their customers to move to online banking. Clarke, for one, is sure that more customers could be coaxed into doing their banking online if the banks offered them better security. "I think there are lots of things that banks could easily and cheaply offer that would manifestly demonstrate, at least to the home user, that things are more secure," he says, suggesting that banks could offer account holders an antivirus system or a firewall, or provide homes with a two-part authentication system.

"Don't ask the 30 percent who are doing online banking: 'Would you mind if we added additional security?' What they need to do is ask the 70 percent who aren't doing online banking: 'Why aren't you doing online banking?' The overwhelming reason is not that they lack a computer, or that they lack computer literacy, it's that they believe - correctly - that cyberspace is insecure and chaotic.

"So here's a case where even in the leading sector for cybersecurity, the banking and finance sector, they're asking the wrong questions. They're asking the question: Can I absorb the cost of the fraud that goes on? Wrong question. They're asking: Do the people who now use online banking want more security? Wrong question. Right question: How do I get those additional customers to do online banking? And the answer is: You do it by persuading them that there is a more secure system."

Public vs Private

Some might find it hard to believe that Clarke, a man who has worked under seven presidents and spent three decades in the public service, is these days speaking like a corporate analyst and touting the benefits of security as a competitive advantage. But Clarke, who describes his move to the public sector as a "very nice transition", insists he has not missed government work for a minute since he left and has no desire to go back.

"I think with regard to the issues that I want to speak out on, like the need for companies to be aware of cybersecurity threats and the larger security environment, I'm much more free now to say what I believe - and to say it to the audiences that I choose - than when I was a civil servant," he says.

Clarke also maintains that, compared to his time spent in government, it is relatively easy to create alliances of concerned people in the private sector. "I just say to them: 'Look, the government is not going to solve your problem'," he says. "You can't wait for the government to solve your problem. You have to organize with like-minded companies and like-minded citizens to get the job done. Then you can begin an awareness campaign on whatever the issue is, and I think you can make real progress. That's far better than having the government regulate."

Security Minded

Currently chairman of information security consultancy Good Harbor, Richard Clarke was the first US national coordinator for security and counterterrorism - America's "counterterrorism czar". Appointed in 1998 by President Bill Clinton, Clarke continued in the position during the presidency of George W Bush.

From 2001-2003 Clarke served as special adviser to the president for cyberspace security - the culmination of 11 years in the White House, making him the longest-serving senior staffer. Previously, Clarke spent 19 years in the Pentagon, serving as deputy assistant secretary of state for intelligence, assistant secretary of state for military affairs and coordinator of diplomatic affairs during the Gulf War.

Clarke resigned his White House post in February 2003, but not before helping to draft America's National Strategy to Secure Cyberspace. Clarke's testimony at the public hearings of the 9/11 Commission gained a great deal of media attention for his scathing criticism of the Bush administration and its handling of the War on Terrorism, which Clarke detailed in his 2004 book, Against All Enemies: Inside America's War on Terror.

Best Practice

Share information in a way that anonymizes the company. "In several countries, including Australia, industries have gotten together to create information sharing centres," says Richard Clarke, former top cybersecurity adviser to the US president and chair of the US Critical Infrastructure Protection Board.

"These information sharing centres take reports from their member companies on vulnerabilities that have been exploited or vulnerabilities that have been discovered, and about ways to best do remediation. They share that information, but they anonymize the company. It's done in the US, it's done in Australia and that protects the individual company.
