It is no exaggeration to say that governments play an absolutely pivotal role in delivering effective cybersecurity. From regulation to investment, national leaders establish priorities, set goals and determine the urgency of our collective efforts across an increasingly alarming range of issues.
With that in mind, where should our leaders focus their time and public investment, and what benefits can we expect from improving the existing public-private approach?
1. Focus on global cybersecurity standards and regulations
While there has been a significant and welcome acceleration in the rollout of domestic and regional cybersecurity regulations, what’s needed next is more effective global coordination. The starting point here should be to establish a broad consensus on what is required to address cybercrime and a benchmark for minimum performance standards. Without a more unified approach, regulatory blind spots are inevitable, and this can only benefit threat actors.
Governments also need to work together to overcome international enforcement challenges that currently exist. In the EU, for example, cross-border enforcement remains an ongoing issue, with the European Parliament still working to harmonise the response of member states. This illustrates the wider challenge of ensuring regulatory and enforcement cooperation becomes more effective.
2. Focus on collaboration and information sharing
If governments are going to improve their ability to deliver coordinated action to address cybersecurity issues, I believe there needs to be a much greater emphasis on collaboration and information sharing.
On a domestic level, improving information sharing between government organisations and the business community is, I believe, key. Effective threat intelligence, for instance, fundamentally depends on proactive collaboration so all stakeholders can act on emerging security risks with the same level of insight. Granted, there is sometimes the need to keep certain information confidential, but there remains space for increased collaboration without compromising security.
Remember, this is a two-way street, and the private sector already has an established and highly specialised threat intelligence community that could be more effectively integrated into public sector cyber defence strategies.
3. Focus on AI
Governments need to focus investment decisions to further support the current levels of technology innovation that drive improvements in cybersecurity. Whether it’s working closely on joint R&D programmes with established industry leaders or improving funding options for startups, the potential for progress is huge.
In the case of AI, the genie is already out of the bottle and there should be a real sense of urgency attached to ensuring organisations can stay ahead of the risks posed by AI-powered malware and other cybersecurity risks. While the private sector is already heavily investing to bring new solutions to market, governments need to lead efforts so threat actors don’t gain a decisive advantage in what’s become an increasingly frantic AI arms race. The EU AI Act, which came into force on 1st August 2024, is a good start, but it is only applicable to the one region. To truly get a handle on the use of AI and protect organisations from the activities of cybercriminals, the UK government, and others across the world, should consider following suit.
4. Focus on quantum computing
In the case of quantum computing, where research is largely happening in the private sector, the role of government should be to back the most promising technologies. When these technologies become viable, they are certain to usher in another wave of cybersecurity risk and, collectively, we can’t afford to be playing catch-up.
In the same way AI has overtaken us quicker than expected, it’s likely the same will happen with quantum computing. I believe now is the time for governments to offer leadership and give guidance in advance of the potential new risks. Quantum potentially turns this on its head completely, and without preparing for this possibility, the consequences could be devastating.
5. Focus on the cybersecurity workforce
The global cybersecurity industry suffers from a longstanding talent gap that has a serious impact on the ability of organisations to deliver effective protection. The most recent study from ISC2, for example, revealed that the global cybersecurity workforce gap currently sits at four million people.
Clearly, this problem isn’t easy to fix, but I believe governments should take a more active role in developing the cybersecurity workforce by providing funding, resources and support for educational programs. In many places, there remains a significant disparity between education systems and the skills required for cybersecurity careers.
In the UK, the government doesn’t need to reinvent the wheel. There is a range of transformational initiatives already out there that help support young people into technology career pathways, cybersecurity included. What the likes of TechTeen, for example, require is access to funding so they can expand on their existing efforts and give more young people the opportunity to reach their potential.
Despite these various challenges, there should also be optimism. Proactive governments that engage fully with the private sector can be a real force for good in an era where we face more cybersecurity risks than ever before. Get it right and we can have much more confidence that our connected societies will operate with minimal disruption.
By Darren Thomson, Field CTO EMEAI at Commvault