"It also demands more research and development in computer security defences,"
Why I don't say that doing science for science's sake is a bad thing I will say that with the problem at hand it's really not necessary.
Really, just applying what we know is enough: using default deny firewalls (both IP and application level), proper authentication (rate limiting, requiring high entropy passwords) and encryption to sensitive systems (with 2 factor auth for critical infrastructure or likely targets).
We have this figured out, problem is, it costs money. Money that in the end just reduces very nebulous risks, not eliminates them, and that doesn't balance well on MBA's spreadsheets... Enforcing the minimal security requirement is the only way to make the systems secure.