The Social Impact of Cybersecurity

I was recently at a dinner party at a friend’s home. That night, we were passing the hat to raise money for a social justice project that works to provide clean drinking water to impoverished communities around the globe. As part of that ritual, we all said the reasons why we felt so passionately about this cause.

When the time came for me to discuss my passion for the poor to have access to water, I spoke my piece. After the dinner, I was approached by someone at the table. She remarked how surprised she was to hear that someone who works in cybersecurity cares so much for this issue and the people it impacts. I was surprised to hear that people do not see cybersecurity as an industry focused on social impact. Perhaps, we should all consider more closely the impact technology has on the lives of others and the inherent inequities involved.

The Internet has been the most democratizing force on the globe since electrification — and previously the printed word. More than half the globe is connected. Nearly all of the world’s economy relies on the Internet. Depending on your circumstance, some or all of your life will be touched by it in some meangful way. From the mining of rare earth elements and the powering or cooling of data centers to the phone in your pocket and the payment you made to buy it, no one is left untouched by technology.

At the same time, a disturbingly large portion of our world lives in poverty. Even more of the world lives right around the boarder of the poverty line. This is an economic problem — and now a security problem for the globe and for America.

Identity theft, fraud, and the full monetization of the individual is at devastating risk. People, their information, their digital personas, and their secrets are the targets.

When we think of hacking, we tend to believe that this is a problem that only affects the rich or large corporations. To put it another way, those with agency are the targets. After all, they are the best targets — they have the money. But that’s wrong.

While on the face of it that may seem true, those with agency are protected by the institutions that serve them. Fraud prevention services, credit monitoring, insurance — these institutions and many more are inherently integrated into the lives of those with agency. Other important functions are for sale and can be afforded by those with the means to purchase. But those without agency operate their lives without the protection of those institutions and services. This puts them into jeopardy.

Meet Tanya. She is an unmarried, American or European, female. She is thirty-five, has a lower-income job, a child, and owns a low-income home. Like many other westerners, she lives paycheck to paycheck, mostly uses a pre-paid debit card she got at a convenience store, banks at a community bank, and shops at discount stores and uses urgent care centers when she or her children fall ill. She has few if any institutions to protect her. The institutions she patronizes likely have little to no mature or effective cybersecurity capaability. But merely by the fact that she is a westerner, she is a target. Yet, she has to defend herself from attackers — because no one else can. And she’s totally getting owned — without even knowing it. She’ll never bounce back.

Now meet Anna. She is a married, American or European, female. She is also thirty-five but she has a law degree, a well-paying job, many major credit cards, a personal banker, a Bergdorf personal shopper, and a personal chef. She uses a world-class health system when she or her children fall ill. She lives her life interfacing with high-quality institutions who defend her from attackers. Her wealth has helped her inherit the best practices of cybersecurity each and every step of the way. She’s getting owned too — but she gets alerted, insured, made whole again, and protected by her institutions crushing it on their security game. She bounced back before you got done reading this.

When security practitioners fail — the most vulnerable pay. Their lives are destroyed. They rarely recover.

I can understand why many may not associate social impact with cybersecurity. It isn’t obvious. And it may not even be the motivation of many who work in the field. But that does not mean that the outcome isn’t real. It doesn’t mean that our work does not directly impact the safety and security of a connected society.

For years, technology policy advocates have worked on addressing the digital divide — that is the gap between those with access to quality internet and those without. Yet, security never seems to find its way into the conversation. But access to the internet alone is not the only important factor. Cybersecurity is critical — especially for those on the margins of society who may never recover from an attack.

As security practitioners, researchers, entrepreneurs and investors, we need to change the conversation. Cybersecurity is not a luxury good. It isn’t just something for the wealthy to access. If we treat it that way — intentionally or not — we run the risk of putting already vulnerable classes of people in real peril. We also run the risk of damaging the virtue of the Internet and a connected society.

We need to move the conversation forward. Cybersecurity leaders in industry, government, and investment capital have to start elevating the human impact of our work. This isn’t because we need to look cool at dinner parties — it is because we believe in a free and safe society for everyone — everywhere.

— Alex Kreilein

I write about technology, cybersecurity, startups, and the human experience. I am also a Managing Partner with the SecureSet Accelerator. If you are building exciting cybersecurity or enabling technology products, come Join Us for an immersive experience where we bring customers into iterative product builds and drive rapid market traction!