Can public private partnerships tackle growing cybersecurity concerns?
By Katerina Mansour - 08 April 2021
The need for better cybersecurity is growing at a rapid pace both in the public and private sectors. The global cybersecurity market is expected to be worth $366 billion by 2028. Among many factors, digitalisation and the Covid-19 pandemic have been key drivers. In this article, we explore the increasing need for stronger cybersecurity and how both the public and private sector can work together in these efforts.
An increasing need for strong cybersecurity efforts
According to IBM, a data breach cost $3.86 million on average in 2020. The company also estimated it took 207 days on average to identify a data breach in 2020. Over the years there have been many notorious data breaches that illustrate just how expensive cyberattacks can be. The 2017 Equifax breach, which made headlines worldwide for weeks, reportedly cost the company $1.4 billion as of 2019. The fallout of this event is still ongoing.
Awareness of cybersecurity risks has increased in part due to these notorious breaches. The World Economic Forum’s 2021 global risks report indicated that cybersecurity failure was the fourth most popular answer (39%) when respondents were asked what global society’s biggest threat was.
Businesses are increasingly focusing on their cybersecurity efforts in the hopes of avoiding the costs a successful attack can incur. According to a 2020 PwC survey, 55% of business executives plan to increase their budgets for cybersecurity in 2021.
The Covid-19 pandemic, like most crises, has sparked an increase in cyber threats and attacks. A survey by CrowdStrike, a cybersecurity vendor, showed there were more intrusion attempts in the first six months of 2020 than in all of 2019.
Increased digital adoption due to workplaces closing and employees working from home is arguably the key driver here. Cybercriminals now have a plethora of opportunities due to the chaos Covid-19 created in how businesses operate and how employees work.
However, even before the pandemic hit, rapid digitalisation was already feeding cybersecurity threats. New technologies and their rapid deployment worldwide are creating new opportunities for cyberattacks. According to the World Economic Forum, attacks on IoT devices grew by 300% in 2019. A report by Aqua Security indicates that between June 2019 and July 2020, attacks against cloud systems grew by 250%.
The benefits of public private partnerships (PPP) for cybersecurity
“Cybersecurity is a team sport. Partnership is critical because no one organization has the full picture.” - Morgan Adamski, chief of NSA’s Cybersecurity Collaboration Center.
Public private partnerships (PPP) are prominent in many regions of the world, from North America to Asia-Pacific. They can be useful for a wide variety of issues. In terms of cybersecurity, the EU encourages these partnerships through legislation like the “Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace” and the “Joint Communication on Resilience, Deterrence and Defence: Building strong cybersecurity for the EU”.
Cooperation between public and private sectors to strengthen cybersecurity is a concept that has been around for several years. The benefits are clear: both sides can pool their resources and expertise together in order to learn from each other and build stronger cyber defence systems and mechanisms. Cooperation seems inevitable, especially when considering the private sector typically owns and operates a large part of a country’s infrastructure.
Through these partnerships, companies can weigh in on the drafting of new regulations pertaining to cybersecurity. They can bring insights into how certain regulations would pan out in real life. They can provide input on how to make legislation as relevant and effective as possible within the current cybersecurity landscape.
Training on crisis management can also be key within a public private partnership. Crisis simulation exercises can help both sectors gain insights on how best to tackle a cybersecurity crisis as it unfolds. Once a crisis is underway, there won’t be enough time for both sides to discuss and plan a strategy together. Preparing for these events together through simulations can help save precious time when a cyberattack is underway.
Key challenges remain
Mistrust between the public and private sector is arguably one of the biggest challenges. This is exemplified when looking at the United States, where large tech corporates and the government historically lack trust in each other.
Data sharing can be challenging due to the sensitive nature of the information. The amount and depth of information governments are willing to share is limited by concerns over national security. For the private sector, the amount of data shared can also be limited by fears of government interference or concerns over divulging intellectual property.
Issues around privacy and data protection are also a barrier to private institutions’ willingness to share information with other parties. Indeed, the past few years have seen a sharp rise in public concerns over data privacy.
Furthermore, there is a fundamental difference between the mandates, culture and language of private and public entities. Partnerships need strong leadership which can ensure both sides work efficiently together, despite their potentially different goals.
Typically, the private sector will have concerns over business continuity and profitability, while governments will be more focused on legislative aspects of cybersecurity. Businesses will seek to complete tasks efficiently, in order to save time and costs. Public institutions, on the other hand, have longer processes and arguably less agility. While these different ways of operating can be a challenge, they also present another opportunity for both sides to learn from each other.
Fostering innovation to tackle cyberthreats
Efforts to involve startups in the cybersecurity space are growing worldwide. The United Kingdom has been leveraging startups to strengthen the country’s cybersecurity. Back in 2016, the government chose Wayra UK to run a cybersecurity accelerator facility that would help UK startups in developing cybersecurity systems for the country. This was a first step in the UK’s £1.9bn National Cyber Security Programme. It involved providing startups with access to Government Communications Headquarters (GCHQ) personnel and expertise to help them in their efforts.
In 2017, the public private partnership Cyber NYC was launched. In February 2020, a new development hub was created within the framework of this partnership. This new accelerator programme aims to create new cybersecurity companies that will be able to protect other companies and infrastructures from cyber threats.
Startups have played and will continue to play a key role in cybersecurity. In the first half of 2020, British cybersecurity startups had already raised £496 million, compared to £521 million for all of 2019. Their funding effectively increased by 940% compared to the same time period in 2019.
Indeed, while funding dipped in other sectors due to the pandemic, cybersecurity startups have seen significant wins. Their agility in providing solutions that can protect citizens and businesses alike makes them attractive to both the public and private sectors. As such, they could be leveraged within the framework of a public private partnership on cybersecurity.