The TechCrunch Global Affairs Project examines the increasingly intertwined relationship between the tech sector and global politics.
Throughout 2021, global news seemed to ricochet between the rapid spread of new iterations of COVID-19 and cyber criminality — both becoming increasingly creative and disruptive as they mutate in a battle for survival; both interlinked as cybercriminals profit from rapid digitalization forced by COVID-19 lockdowns. In a recent interview, a prominent cybersecurity executive pointed out that alongside birth, death and taxes, the only other guarantee in our current lives is the exponential growth of digital threats.
Yet misperceptions over cybersecurity — particularly that it is complex, costly, onerous and even futile — has led many emerging economies to leave cybersecurity behind as they seek to join the Fourth Industrial Revolution. But without mature cybersecurity policies, states might find themselves unable to fully realize the potential of their digital economies.
Reframing cybersecurity as a path to opportunity and competitive advantage in the development of innovation ecosystems could be the key to increasing individual states’ cyber resilience, as well as strengthening the global digital ecosystem for all.
Innovation or security?
As 10 billion devices are set to join the Internet of Things (IoT) by 2025, emerging digital economies are vying to be at the center of this revolution. In 2020, about $2.4 billion worth of investment was deployed in African startups and Africa’s e-commerce sales are projected to reach $75 billion by 2025. It is home to half of the 40 fastest-growing emerging and developing countries and is currently the most entrepreneurial continent. This trend will only accelerate as initiatives to close the digital divide by 2030 connect the remaining 78% of the population to the internet.
But as internet access expands, so too, will global cybercrime. Experts estimate that cybercrime will cost the world economy $10.5 trillion annually by 2025. While digitally advanced nations have responded by bolstering their cyber defenses, Africa’s innovation ecosystem remains one of the most under-protected globally.
Only 10 out of 55 African countries have ratified the African Union Convention on Data Protection and Cybersecurity (the Malabo Convention) and Africa continues to be the lowest-scoring continent on the International Telecommunication Union’s (ITU) Global Cybersecurity Index. Despite ITU and World Bank initiatives, only 29 countries in Africa have any type of cybersecurity legislation and only 19 have cyber incident and emergency response teams. This leaves African economies exposed and African leaders outside of the bodies shaping global cybersecurity policy.
When viewed globally, this rapid investment in innovation systems without concurrent investment in security creates a digital maturity-security paradox, in which attackers can exploit the gap between these two levels of maturity. In turn, those entities within the states and the states themselves are left doubly exposed and vulnerable as they become low-hanging fruit susceptible to opportunistic and malicious cyber criminals.
In a dynamic reminiscent of vaccine geopolitics, this runs the risk of leaving states with fledgling and fragile innovation systems exposed.
Cybersecurity fight or flight?
It would be logical to assume that the increase of cyber incidents — and the sticker shock costs associated with them — should lead to increased cybersecurity. Yet, counterintuitively, the narratives of cybersecurity that spur action in the West either lead to policy paralysis or restrictive knee jerk reactions.
As game theorist and Nobel laureate Thomas C. Schelling noted “there is a tendency in our planning to confuse the unfamiliar with the improbable … what is improbable need not be considered seriously.” Many digitally developing states consider themselves outside of the great power politics that underpin malicious cyber activity. It seems improbable to them that they would be victims to the magnitude of action witnessed in Russian-U.S. cyberspace confrontations, the China-U.S. race for digital supremacy, or the Iran-Israel digital war of attrition. Protecting from such cyberattacks is low on the list of policy imperatives.
Digitally advanced nations have responded to the rapid proliferation of cyber threats with cybersecurity mechanisms such as new legislation with draconian punishments for failure to report cyber incidents and ransomware payments and coordinated international initiatives to paralyze ransomware gangs such as REvil. At the other end of the spectrum, digitally developing states are often ill-incentivized and ill-equipped to unravel the perceived complexity of cybersecurity measures required to address these threats.
This is compounded by a wariness of Western cybersecurity paradigms, which many see as a form of potential technological neo-colonialism. Demands for regulatory compliance, adoption of norms and purchase of Western cybersecurity technologies are often perceived as stifling these nations’ opportunities for growth. And, attempts at trying to shame states into cybersecurity compliance can be perceived as an attack on their sovereignty, which could backfire and drive states to seek alternative paradigms such as internet shutdowns that may ultimately threaten their access to the benefits of the free, open and interoperable internet.
More frequently, though, leaders often react to overwhelming threats with paralysis — and fail to act at all.
It is the CISO’s mantra that cybersecurity is a team sport. In the global context, this means ensuring that developing digital economies want to be part of the team. To achieve this cybersecurity needs a radical makeover.
Radically reframing cybersecurity
Cybersecurity advocates can start by reframing cybersecurity as an opportunity to build a vibrant and resilient innovation ecosystem rather than a burden or a restraint. New narratives that emphasize the attractiveness and value of cybersecurity are needed to counteract perceptions of unreasonable standards that stifle innovation.
For instance surveys show that cybersecurity and data privacy is a major source of competitiveness for retailers, outranking even price sensitivity. Meanwhile, recent U.S. and British initiatives, like the new State Department Cyber Bureau and the U.K.’s National Cyber Strategy 2022 have highlighted strong cyber ecosystems as strategic advantages.
Governments of mature digital economies, multilateral institutions and cybertech providers should emphasize that those states able to protect themselves will be the most sought-after partners in the digital revolution. They will also be those able to shape global conversations on cybersecurity.
The value of safer net for all
A vibrant and competitive digital economy that leads to prosperity for all requires open and interoperable networks that are trusted, safe and secure. States that are able to leverage best practices to secure their innovation ecosystems will lead the way in disruptive development. But to induce states, SMEs and individuals to take cybersecurity seriously requires a shift from advocating policy built from fear toward policy built on an optimistic rationale for cybersecurity.
Changing the narrative also requires digitally mature states to provide sustained support to those more vulnerable. This is more than digitally developing states being just a market for cybertech exports and cybersecurity strategy blueprints, but a commitment to helping develop the infrastructure that unleashes the benefits of cybersecurity locally and globally. Through a radical reframing of cybersecurity as an opportunity, states and societies can work together to ensure that innovation systems built on safe digital inclusion can create a safer net for all and the potential of the internet as a force for good will be realized.