April 15th, 2021 -- Cyber threats have topped the U.S. intelligence community’s annual assessment of global threats for seven years running. Whether it’s hacks of companies like Equifax, Marriott and Target, Russian efforts to affect democratic elections, or the SolarWinds breach, every day seems to bring fresh stories of new cyber threats to personal freedom, individual privacy, international commerce, or national security. Yet while governments and corporations are fully occupied extinguishing the latest fire, one well-resourced and security-conscious community is oddly missing-in-action: private philanthropy. A new technological era has arrived, and funders must step up and engage.

Current philanthropic funding for cybersecurity is practically nonexistent. The latest data from the Peace and Security Funding Index shows that cyber grants made up less than one percent of the $3.7 billion that foundations devoted to peace and security issues since 2012 (less than .007 percent of total foundation giving). That stands in stark contrast to the seven percent of security funding focused on nuclear issues—funding that helped create a field of nuclear policy analysis that was critical in developing the strategic doctrines and supporting the nonproliferation efforts that have prevented nuclear conflict.

Given the global diffusion and rapidly-changing nature of Internet technologies, cybersecurity poses challenges that in many ways are tougher even than nuclear security. Cybersecurity is, as Steven Weber of the Center for Long-Term Cybersecurity cogently observed, “the master problem of the Internet age.” The number and severity of threats extends far beyond the narrow conception most people have of criminal hacks and espionage, as serious as these are. And they are growing.

The William Flora and Hewlett Foundation, Craig Newmark Philanthropies, and Gula Tech Foundation are taking the lead on giving in the cybersecurity sector. Each spends a lot of time thinking about how philanthropic funds can be used wisely to support the public interest. Cyber threats present formidable challenges of a type that call for support philanthropy uniquely can provide.

Governments and private corporations spend enormous sums of money on cybersecurity—billions each year, in fact. But governments are (quite rightly) worried about triaging today’s immediate threats, while industry is (naturally) focused on toughening its own networks. Both are fixated on the present, while their decisions inescapably shape and limit our future options. Building a road without knowing where to go or how to get there is perilous and unwise. Private philanthropy can take a longer view, focusing resources on thinking through the underlying laws, norms, and policies that should govern cybersecurity between people, within individual countries, and among nations.

The rise of cybercrime related to COVID-19 is exploding according to Interpol and is costing communities, families and small businesses billions. Law enforcement is unable to provide direct support for victims or provide data for researchers and policy makers that truly counts the losses. Government and legislators are making progress in part due to the leadership within the Cyberspace Solarium Commission which had 27 recommendations passed in the Fiscal Year 2021 National Defense Authorization Act.

One group of funders, in particular, could be playing a vital role fostering a field of disinterested cyber policy expertise: the entrepreneurs who made vast fortunes creating the very technologies that give rise to these threats. A century ago, industrialists like Andrew Carnegie and John D. Rockefeller—who profited handsomely from the disruptions wrought on American society by the Industrial revolution—devoted a large portion of their wealth to addressing those disruptions. The current generation of Internet pioneers, which is only now beginning to realize the responsibility that comes with such success, has the knowledge and unique perspective to make a difference on issues impacting cyber policy and the lives of Internet users. The nascent field, and society as a whole, needs their voices . . . and their dollars.

But not their voices and dollars alone. The technical issues can seem daunting to newcomers, and some funders are having trouble seeing where their dollars are needed. But these are challenges philanthropy has frequently overcome in the past, whether the issue was nuclear security, the Green Revolution, or climate change. Right now, what we need most is capacity—for research, for developing and sharing ideas, and for providing services to individuals and small businesses impacted by cyber threats.

We believe that private philanthropy is ideally suited to support the development of an emerging field of theorists and practitioners across cybersecurity domains. Those of us signing this letter have varied perspectives and priorities, but we have found common ground when it comes to cybersecurity precisely because the challenges are both vital and vast. There is plenty of room for funders with other interests to think about how cybersecurity will intersect with and affect their priorities, including mental health, economic stability and the wellbeing of children, seniors and our active military and veterans. Because whatever those priorities are, cybersecurity will intersect and affect them.

Cyber threats affect each of us every day, and its importance to our society will only grow. Anyone who cares about national security, innovation, economic development, personal privacy, or civil liberties should care about cybersecurity. Private philanthropy is a critical missing piece to meet this urgent need.

The organizations and professionals signing this letter are working each and every day to improve the cybersecurity ecosystem. We imagine the possibilities when philanthropy lends more support!

#CyberPhilanthropy #ExpandCyberFunding