Cyber threats have topped the U.S. intelligence community’s annual assessment of global threats for seven years running. Whether it’s hacks of companies like Equifax, Marriott and Target, Russian efforts to affect democratic elections, or the SolarWinds breach, every day seems to bring fresh stories of new cyber threats to personal freedom, individual privacy, international commerce, or national security. Yet while governments and corporations are fully occupied extinguishing the latest fire, one well-resourced and security-conscious community is oddly missing-in-action: private philanthropy. A new technological era has arrived, and funders must step up and engage.
Current philanthropic funding for cybersecurity is practically nonexistent. The latest data from the Peace and Security Funding Index shows that cyber grants made up less than one percent of the $3.7 billion that foundations devoted to peace and security issues since 2012 (less than .007 percent of total foundation giving). That stands in stark contrast to the seven percent of security funding focused on nuclear issues—funding that helped create a field of nuclear policy analysis that was critical in developing the strategic doctrines and supporting the nonproliferation efforts that have prevented nuclear conflict.
Given the global diffusion and rapidly-changing nature of Internet technologies,
cybersecurity poses challenges that in many ways are tougher even than nuclear security. Cybersecurity is, as Steven Weber of the Center for Long-Term Cybersecurity cogently observed, “the master problem of the Internet age.” The number and severity of threats extends far beyond the narrow conception most people have of criminal hacks and espionage, as serious as these are. And they are growing.
The William Flora and Hewlett Foundation, Craig Newmark Philanthropies, and Gula Tech Foundation are taking the lead on giving in the cybersecurity sector. Each spends a lot of time thinking about how philanthropic funds can be used wisely to support the public interest. Cyber threats present formidable challenges of a type that call for support philanthropy uniquely can provide.
Governments and private corporations spend enormous sums of money on
cybersecurity—billions each year, in fact. But governments are (quite rightly) worried about triaging today’s immediate threats, while industry is (naturally) focused on toughening its own networks. Both are fixated on the present, while their decisions inescapably shape and limit our future options. Building a road without knowing where to go or how to get there is perilous and unwise. Private philanthropy can take a longer view, focusing resources on thinking through the underlying laws, norms, and policies that should govern cybersecurity between people, within individual countries,
and among nations.
The rise of cybercrime related to COVID-19 is exploding according to Interpol and is
costing communities, families and small businesses billions. Law enforcement is unable to provide direct support for victims or provide data for researchers and policy makers that truly counts the losses. Government and legislators are making progress in part due to the leadership within the Cyberspace Solarium Commission which had 27 recommendations passed in the Fiscal Year 2021 National Defense Authorization Act.
One group of funders, in particular, could be playing a vital role fostering a field of
disinterested cyber policy expertise: the entrepreneurs who made vast fortunes creating the very technologies that give rise to these threats. A century ago, industrialists like Andrew Carnegie and John D. Rockefeller—who profited handsomely from the disruptions wrought on American society by the Industrial revolution—devoted a large portion of their wealth to addressing those disruptions. The current generation of Internet pioneers, which is only now beginning to realize the responsibility that comes with such success, has the knowledge and unique perspective to make a difference on issues impacting cyber policy and the lives of Internet users. The nascent field, and society as a whole, needs their voices . . . and their dollars.
But not their voices and dollars alone. The technical issues can seem daunting to newcomers, and some funders are having trouble seeing where their dollars are needed. But these are challenges philanthropy has frequently overcome in the past, whether the issue was nuclear security, the Green Revolution, or climate change. Right now, what we need most is capacity—for research, for developing and sharing ideas, and for providing services to individuals and small businesses impacted by cyber threats.
We believe that private philanthropy is ideally suited to support the development of an emerging field of theorists and practitioners across cybersecurity domains. Those of us signing this letter have varied perspectives and priorities, but we have found common ground when it comes to cybersecurity precisely because the challenges are both vital and vast. There is plenty of room for funders with other interests to think about how cybersecurity will intersect with and affect their priorities, including mental health, economic stability and the wellbeing of children, seniors and our active military and veterans. Because whatever those priorities are, cybersecurity will intersect and affect them.
Cyber threats affect each of us every day, and its importance to our society will only grow. Anyone who cares about national security, innovation, economic development, personal privacy, or civil liberties should care about cybersecurity. Private philanthropy is a critical missing piece to meet this urgent need.
The organizations and professionals signing this letter are working each and every day to improve the cybersecurity ecosystem. We imagine the possibilities when philanthropy lends more support! #CyberPhilanthropy #ExpandCyberFunding
Center for Cyber Safety and Education
Patrick Craven, Director
Cloud Security Alliance
Jim Reavis, Founder/CEO
Craig Newmark Philanthropies
Craig Newmark, Founder
Cybercrime Support Network
Kristin Judge, CEO/Founder
Cyber Readiness Institute
Kiersten Todt, Managing Director
Stéphane Duguin, CEO
Laura Baker, President
Global Cyber Alliance
Philip Reitinger, President & CEO
Gula Tech Foundation
Ron and Cyndi Gula
Identity Theft Resource Center
Eva Casey Velasquez, President/CEO
International Consortium of Minority
Cybersecurity Professionals (ICMCP)
Larry Whiteside,Jr., Co-Founder & President
Internet Security Alliance (ISA)
Larry Clinton, President/CEO
Former Special Assistant to President Obama and
National Center for Victims of Crime
Renee E. Williams, Esq., Executive Director
National Cybersecurity Student Association
Gus Hinojosa, Jr., Executive Director
National Sheriffs’ Association
Sheriff (Ret.) David Goad, NSA Past President
Chair – Emerging Technology, CJIS and
Cybersecurity & CyberCrime Committees
National Technology Security Coalition
Patrick Gaul, Executive Director
Observatory on Social Media
Filippo Menczer, Director and
Distinguished Professor, Indiana University
One in Tech, an ISACA Foundation
Ginger Spitzer, Executive Director
R Street Institute
Eli Lehrer, President
Stan Stahl, PhD., President
Silverado Policy Accelerator, Inc.
Cyber Security and Business Resiliency Evangelist
State of Delaware, Former CSO
STOP. THINK. CONNECT.
Messaging Convention, Inc.
Peter Cassidy, CEO
Travis Moore, Founder and Director
The Global Forum on Cyber Expertise
Christopher Painter, President
Jim Kessler, Executive Vice President for Policy
Information Assurance Directorate,
National Security Agency (retired)
William and Flora Hewlett Foundation
Larry Kramer, President
Kelly Born, Director, Hewlett Foundation Cyber
Initiative and Founding Director of the Stanford
Cyber Policy Center
Women in CyberSecurity (WiCyS)
Ambareen Siraj, Founder
Women’s Society of Cyberjutsu
Mari Galloway, CEO