- A recurring theme during the dialogue was the need forgreater prioritisation of cyber security across all stakeholders. Participants stressed that politicians need to be encouraged to place cyber security on national, regional and international agendas, and make more resources available for cyber security. They discussed the need to champion this debate within their own organisations as well as the various ways to do this, including linking cyber security with political priorities such as election security, international development and the defence of allies.
- Participants explained that companies need to be more transparent during the research and development phase of technologies so that risks and vulnerabilities can be assessed before products land on the market. As one participant noted, there needs to be a shift in the business model away from providing solutions for cyber security problems to ensuring that products are safe and secure throughout their life cycle – in this way, products need to be “secure by design”. This participant drew an analogy between the cyber security and pharmaceutical sectors because, currently, both place too much emphasis on the treatment of the problem rather than the development of a cure, which has led to a “commodification of vulnerabilities” in the cyber security sector.
- Given the “whole of society” approach to cyber security advocated by many States, some participants explained that individuals need to take more responsibility for their own cyber security. If “deterrence by denial” is a key driver of cyber security, this ultimately depends on good individual and organisational cyber hygiene, which requires citizens and organisations to learn how to use technology safely and responsibly. One participant noted that achieving cyber security is a “shared responsibility” incumbent on all actors. That said, another participant noted that a “shared responsibility” approach should not detract from the fact that governments have the primary responsibility for the provision of security including cyber security.