
Public-private partnerships: A catalyst for industry growth and maturity

As cybercriminals evolve their tactics, relying on tools like AI to simplify and speed their existing efforts, the cybersecurity industry also must evolve at an extraordinary pace. From CISOs to government agencies to software vendors, organizations everywhere are constantly rethinking and reimagining their approaches, with many adopting emerging technologies and developing more proactive strategies for staying ahead of adversaries. It’s not surprising, then, that security software and services spending is projected to grow by 15% this year. Job growth is poised to follow the same “up and to the right” trajectory, with the US Bureau of Labor Statistics predicting that the total number of cybersecurity jobs will increase between 10% and 31% in the next decade.

Attributes like rising demand, rapid innovation, and increased hiring indicate the cybersecurity industry is maturing. Yet one of the most significant barriers to meaningful and sustained industry growth is the siloed way many organizations still approach risk management. Having a skilled internal team, a robust technology stack, and a comprehensive and sophisticated cybersecurity strategy are undoubtedly all vital to increasing resilience. Yet no single individual or organization can combat cybercrime on its own, as no one has complete visibility into all the threats that exist.

Effectively disrupting cybercrime operations requires public and private organizations to work together, taking a coordinated, unified, and sustained approach. Collaboration is critical, and cultivating relationships across industries and borders lays the foundation for sharing information, ultimately enabling the industry to outpace our adversaries. Impactful collaboration across the public and private sectors is another key, yet often overlooked, measure of industry growth and maturity.

Successful partnerships offer a blueprint for effective collaboration

Numerous cybersecurity-focused partnerships are underway, involving successful collaboration across all sectors. These examples can help take public-private partnership efforts from abstract ideas to impactful execution and provide valuable insights and lessons learned.

One example is the work being done by the Cyber Threat Alliance (CTA) and its members. Earlier this month, the CTA introduced its Responsible Vulnerability Communication Policy, laying out guidelines for responsibly handling disclosed vulnerabilities in any product or system in a way that optimizes secure outcomes. The CTA and its members created this policy in response to decades of discussion across the industry about how to responsibly discuss vulnerabilities. Practitioners have long debated how to disclose newly identified vulnerabilities in software offerings and how companies should proceed after learning about vulnerabilities in their own products through third parties.

The development of and enthusiastic response to this policy is a sign of a maturing cybersecurity industry. The new policy is a strong example of greater standardization of ethical practices across the industry, better alignment with globally recognized standards, and increased transparency and collaboration among software vendors, government agencies, and researchers. The Responsible Vulnerability Communication Policy reflects a shift from ad hoc responses to a common framework and set of standards that guide how we approach and implement vulnerability disclosure. In a recent Q&A, CTA CEO Michael Daniel discussed the new policy, providing his perspective on what it means for advancing cyber resilience at scale.

Beyond collaborations that improve how we communicate and manage vulnerabilities across our industry, other global partnerships exist to encourage and facilitate the sharing of information and threat intelligence across sectors and borders. The World Economic Forum Cybercrime Atlas Project is a leading example of an effective partnership among public and private organizations. The goals of the Cybercrime Atlas are threefold: map the cybercriminal ecosystem to identify choke points, disrupt cybercriminal organizations holistically through activities like dismantling infrastructure and seizing cryptocurrency, and shape policy through lessons learned to build a global, systemic operational model.

In the first year of operation, Cybercrime Atlas contributors shared over 10,000 community-vetted and actionable data points, created seven intelligence packages on emerging threats for distribution to defenders, and supported two cross-border cybercrime disruption campaigns. The Cybercrime Atlas community contributed last year to INTERPOL’s Operation Serengeti, which led to the arrest of 1,006 suspects. This collaboration is a shining example of the effectiveness of public-private partnerships.

By working across the public and private sectors, industry stakeholders can exchange knowledge and ideas and learn from one another, all of which enable our industry to operationalize initiatives that benefit everyone and make significant strides in the fight against cybercrime. 

Industry growth hinges on working together

Public-private partnerships are more than just a defense against a growing list of threats—they are a catalyst for the cybersecurity industry’s growth and maturity.

As the saying goes, “a rising tide lifts all boats.” And when we establish a foundation of collaboration and trust through public-private partnerships, we set higher standards for security practices that enable our collective cyber resilience to improve. As the threat landscape grows increasingly complex, the industry must embrace these partnerships as essential rather than viewing them as optional. The future of our industry depends on our ability to work together, relying on our collective expertise to protect organizations and individuals around the world.

Learn more about Fortinet’s partnerships with public and private sector organizations such as the World Economic Forum, the Cyber Threat Alliance, INTERPOL, MITRE Engenuity, the Joint Cyber Defense Collaborative, and more.
