An Optimist’s Guide to Solving Our $6 Trillion Cybersecurity Problem
Our war on cybercrime is at a critical tipping point. Hackers are getting increasingly sophisticated, with cybercrime damages projected to reach $6 trillion in the next three years. Despite steady increases in cybersecurity capabilities, spending on cybersecurity will rise to the tune of $114 billion this year. At face value, the situation is very concerning, but the reality is that humanity has solved harder problems that had higher stakes with much less know-how, technical capability and resources than we have today.
Take polio. It was eradicated after many decades of effort with the collaboration of international scientists, governments, nonprofits and others who discovered vaccines and overcame logistical and cultural obstacles to put an end to the crippling disease.
Another example is World War II, where signals intelligence was crucial to helping the Allies eventually win. Cryptographers at England’s Bletchley Park managed to crack the German “Enigma” cipher after evolving techniques from Poland. Meanwhile, U.S. signals used by Navajo code talkers were never deciphered, keeping ally secrets out of German hands.
The central ingredient to those successes was optimism, the belief that these highly complex and profoundly important problems had a solution. This mindset is critical to our future with cybersecurity, and now to Alphabet’s first cybersecurity company, Chronicle. Here are five principles I recommend other CEOs and their executive teams adopt:
1. Engage directly on cybersecurity
CEOs need to be prepared to get as involved in their organizations’ cybersecurity efforts as possible because the stakes are too high not to. It’s clear we can’t spend our way out of this situation. And the problem is too big to just delegate. It’s not solely the responsibility of the CISO or CIO to solve the problem. Even if you don’t have the security expertise, you need to be aware of what the risks are and make sure your teams have the right tools to minimize them. Attend an industry event like RSA or Black Hat to see what’s happening in the cyber world so you can make smarter decisions. Ultimately, be more accountable to your customers and shareholders.
2. Know who your wizards are
Surround yourself with the best people who can understand the complex security issues even if it’s not their day job. I’m not talking about executives; I’m talking managers, technical leads and analysts who are fully entrenched in the ranks on the frontline of the threats your organization is dealing with. And among security staff, get to know the person who understands where the weaknesses are and who is best to call in a cyber emergency. Meet regularly with your security wizards to get updates on the state of security at the company and make sure they have what they need to do their job.
3. Sponsor your Red Team
Create a Red Team to test out your organization’s defense, following a common military exercise where internal Red Teams attack and Blue Teams defend. This approach is helpful for learning where vulnerabilities exist and vital to determining how to fix them. Champion these efforts and participate where you and your executive team can to support the teams in these efforts.
4. Avoid the competency trap
As business leaders, we generally think we are better at running a company than we actually are, and we should always be in learning mode on how we can improve our leadership. When you’ve been doing something for a long time, you tend to follow the same familiar thoughts and paths because they have historically worked. Avoid getting caught in a conceptual rut that leads your team to approach problems the same way they always have. Don’t be afraid to take risks and try new things, and when you need to fail, make sure it is fast and the team can recover and move on. Make “be bold” a top-down mantra.
5. Stay optimistic
The cybersecurity problems within organizations cause a lot of anxiety and keep executives and security professionals up at night, but they don’t have to drag down morale. Leaders need to stay positive and avoid defeatist attitudes so their minds will be open to new, creative ways of resolving problems. Negativity easily trickles down and if staff are pessimistic they aren’t successful. It might seem daunting, particularly in the face of big data breaches and ransomware attacks, but the collective forces of good do outnumber the bad and I believe the tides are finally turning to the side of good in this struggle.
The world is getting increasingly digitally connected and cyber threats are expanding to more connected devices that are running our businesses and part of our lives. Customer data, intellectual property, critical applications and services in government and industry are at risk if we don’t work together in new ways to identify the challenges and mitigate the risk that faces us all. We do a disservice to humanity if we don’t change our approach to solving this problem as we have other seemingly intractable problems in the past. The path to improvement takes a major shift in mindset. With more optimism, ingenuity and cooperation within companies and across private industry and the public sector we can make a significant difference in giving good the advantage in cyber.
Stephen Gillett, CEO & co-founder, Chronicle (an Alphabet company)