In the last 12 months, 39% of UK businesses experienced some form of cyber attack. Moreover, it was calculated that the average cost of data breaches globally reached a 17-year high in 2021 at US$4.24 million. In the wake of these attacks, the question is begged, who is responsible for stopping these attacks? 

Private corporations have emerged over the years to take on this responsibility. The very aim of their products and services is the prevention, or at the very least the mitigation, of cybersecurity threats. Yet, such organisations face an incentive problem. 

Cybersecurity companies are incentivised to supply solutions to threats with the highest demand, and their work has undoubtedly served as a boon to the wider community; protecting individuals and organisations around the world. However, by answering to the market mechanisms of supply and demand, they will inevitably leave other pressing issues to slip through the cracks. The need for security may be there, but the incentive to dedicate time and resources is not. What can help bridge this gap in demand are public agencies and academia. The information-collection capacity and regulatory power of public agencies, combined with the research skills of academia and the customer-focused tools of cybersecurity professionals, will create a safer cybersecurity landscape. 

A divided digital landscape is ineffective at preventing breaches and other cyber attacks. Unless there are established lines of communication between the private and public sectors, critical industries and millions of consumers will lack the research and development capabilities which collaboration offers. As such, it is more important than ever for private companies to have both contractual and informal relationships with public agencies and with academia. 

The hope is to bring together the dynamism of the private arena - whose competitive environment encourages companies to be quick, adaptable, and cost-effective - with the larger resources, broader scope and greater regulatory powers of public agencies. These collaborative relationships, called Private-Public Partnerships (PPP), are vital to a healthy cyber landscape in the UK and must be encouraged, established, and optimised wherever possible. 

The goal of PPP in cybersecurity is operational capability. The two sectors bring together knowledge about certain elements of the cyber landscape and create an in-depth defence of key systems and a rapid investigative platform. Government agencies offer the ability to conduct cyber espionage, monitor national network traffic, and can use human intelligence sources to inform potential threat actors. Meanwhile, private companies offer experience interacting with the base systems on which businesses operate and are more able to monitor private-sector networks. Together, they can identify one another’s blind spots and collectively leverage their respective strengths. 

Want to see the benefits of PPPs in action? Calling business leaders, technical cybersecurity gurus, academics and government experts, join us at Olympia London for International Cyber Expo on the 27th - 28th of September 2022.