Failures in the technology market are prompting discussions in government over whether the UK will ultimately need to legislate to force IT suppliers to secure their products.
Policy advisors believe legislation may be the only route to persuade software and hardware suppliers that it is worth their while to develop products that are resilient to cyber attacks.
This could see the UK following the US, which is proposing to make software suppliers legally liable if they deliver insecure products and services as part of its National Cybersecurity Strategy.
The problem has been exercising Ollie Whitehouse, chief technology officer at the National Cyber Security Centre (NCSC), which is part of the signals intelligence agency GCHQ.
He told a conference in Birmingham this week that the market is failing to incentivise technology suppliers to spend time, money and effort on ensuring that their software is free from security vulnerabilities.
Whitehouse