Discussions of the national cybersecurity ecosystem — that is, the combination of government and commercial stakeholders who secure U.S. public infrastructure and private enterprise — often center on national security. And, of course, public-private partnerships are vital for that very reason. Sometimes forgotten in the conversation, however, are the positive business impacts such partnerships can have for individual enterprise organizations themselves.
The desire to forge and strengthen public-private partnerships is clearly present: 93% of cyber decision-makers feel public-private partnerships are vital to national cyber defense, according to a report from RSA Conference and MeriTalk titled “Reimagining Public-Private Partnerships: Minimizing Systematic Risk and Transforming National Cybersecurity Resilience.” Additionally, 91% feel systemic risk is one of the biggest threats to national and economic security.
In mitigating cyber risk, security professionals can help create a safer country for U.S. citizens, allies and countless other stakeholders. But uniting the public and private sectors in this pursuit also presents unique business opportunities for enterprise organizations.
By strengthening the public-private partnership in cybersecurity, business leaders open the door not only to greater security within their individual organizations, but also to a stronger cybersecurity workforce and greater technological innovation.
Supporting national security reciprocates business value
Cyberthreats carry a hefty price for private enterprises. Globally, cybercrime is expected to cost up to $10.5 trillion annually by 2025; a ransomware attack, on average, costs businesses $84,116 and over 16 days of network downtime.
However, while individual enterprise organizations can and should tend to their own vulnerabilities to try to prevent such attacks, the public sector has much more power to dissuade cyberattacks systemically and reduce the overall activity of malicious actors at large.
The combined resources of federal intelligence agencies, as well as organizations such as the Cybersecurity and Infrastructure Security Agency (CISA), offer a global reach for detecting digital risks, tracking active malicious hacking groups and, ultimately, punishing those malicious actors. In doing so, they help keep cyberattacks such as ransomware from proliferating beyond today’s levels. That translates to money and time saved for businesses.
Of course, ransomware attacks do still remain on the rise, and cybersecurity teams must work to slow that rise further than they already have. Doing so requires private organizations to play their part in identifying and reporting breaches to assist the public sector in its role as global investigator and legal enforcer.
Building a stronger cybersecurity workforce
Of the responsibilities assigned to the public and private sectors, cybersecurity decision-makers in both agree that maintaining an educated workforce is more the role of government agencies, according to the “Reimagining Public-Private Partnerships” report.
CISA, for example, publishes educational materials and virtual training modules for federal and non-federal security employees as well as the general public through certification courses, incident response training, a workforce training guide, the Federal Virtual Training Environment and more. The National Security Agency funds CyberSkills2Work, a program offering professional development training to those with military or first-responder experience pursuing a job in the cybersecurity field.
But the dialogue must flow both ways. Private organizations must clearly communicate to federal agencies the educational needs of their security and non-security workforce. In return, federal agencies are better able to collate those needs into far-reaching educational and training materials easily accessible to the private workforce.
This symbiosis serves to lift all boats: a stronger cybersecurity workforce in the private sector ultimately fosters greater security at the national level and provides individual enterprise organizations the benefits listed above, money and time.
Innovation depends on public-private cooperation
Beyond the premise that cybersecurity saves enterprise organizations both time and money, business leaders must also consider the technological innovation that public-private partnerships enable.
Take, for example, the problem of digital identity management. To improve cybersecurity strategies tackling identity management, security teams need access to a large number of data points. Currently, many identity proofing strategies rely on a few major data points, such as government IDs, identity history or biometrics such as facial recognition. Public-private partnerships, however, could enable the sharing of several others, including information from national criminal databases, verification data from public institutions like the IRS, private healthcare records, user device authentication and many more.
The sharing of personal data poses important concerns about individual liberty, and important conversations about the standards and regulations surrounding that sharing must be had. However, government agencies are largely unwilling to tackle the identity proofing problem themselves; so, if such a system is to be built, strong public-private partnerships must be forged. The private sector will ultimately be responsible for the sensitive data that the government is capable of sharing.
The business benefits of public-private partnerships in cybersecurity are straightforward: saving time and money, improving innovation and building a smarter workforce. Communicating breaches, highlighting vulnerabilities and discussing enterprise cybersecurity needs with federal agencies are not sacrifices enterprise organizations must make in the name of national security; rather, they are investments any enterprise organization can make in national security and individual business value.