Car Safety Standard Testing & InfoSec

At the IET cyber security conference listening to the keynote by Mike StJohn-Green discussing "cyber security - who says we are safe" he raised the comparison with car safety when buying security are we looking for the Volvo a name that is linked with car safety or looking for the best that meets our needs. He also mentioned about the NCAP rating which is a standard safety test in the EU for comparing the safety of cars, however one of the problems is that since safety sells cars, manufacturers design cars to get a higher rating, this does not mean that they are safe for occupants and pedestrians. This goes for a lot of information security equipment, the testing is not always representing the real world environment and give the assurances required by senior management to make decisions.