
Cybersecurity experts say public-private partnership is the key to preventing future attacks

November 16, 2021, 6:25 PM UTC

The number of data breaches through the third quarter of 2021 is up 17% over the previous year combined, according to the Identity Theft Resource Center. A study by IBM and the Ponemon Institute says the cost of the average data breach is up to $4.24 million, up from $3.86 million in 2020. Some estimates say cyberattacks could cost businesses and government agencies $6 trillion in 2021 alone, with that number rising dramatically in the years to come. 

With hacks coming from foreign governments and small groups of cybercriminals alike, a question remains—who’s responsible for preventing these attacks, the government or the corporations? According to Kiersten Todt, the Chief of Staff of the Cybersecurity and Infrastructure Security Agency, a federal agency operating under the Department of Homeland Security, the only way forward is to have businesses and the government fighting this digital war together. That’s why CISA launched the Joint Cyber Defense Collaborative initiative in August, a public-private partnership to help boost cybersecurity with Amazon, Google, and Microsoft all taking part. 

“What this is doing is sort of taking that approach and turning it on its side because it’s really about operational collaboration,” Todt said at the Fortune CEO Initiative conference in Washington, D.C. on Tuesday. “I’ve had a lot of thinking around, ‘Is this a concept that could have succeeded a few years ago?’ and I’m not actually sure that it could have because one of the things that SolarWinds demonstrated was that the private sector has enormous intelligence capability on each of its own companies. Government has capabilities in understanding nation-state activity.” Todt noted the marriage of government and corporate capabilities to detect, prevent, and share information about an attack before it happens is at the heart of operational collaboration. “This operational collaboration has already been put into effect and has had some successes, and it is going to expand out to different companies,” said Todt.

This public-private partnership is crucial, according to Christian Brose, the Chief Strategy Officer of the defense tech company Anduril Industries. “When I was in government three years ago, the thing that we were all struggling with was, ‘Who is responsible for what?’” he said. “‘When is a private company responsible for defending itself in this kind of gray zone? Is it really responsible for defending itself when it’s being attacked by a pure adversary with nation-level capability?’ At what point does the government really have to take responsibility for that? So the ability to actually begin marrying [these efforts], in an operational sense, is super important.”

“That’s so important, because when we were just talking about this before, a few years ago, we recognized that cyber is the only domain where we ask industry to defend itself,” Todt added. “Having that type of pre-event work so that you’re not, in a time of crisis, trying to figure out where the marks are for who does what but there’s actually a benefit to working together and it’s not seen as a penalty is an important step in progress.”

It’s an urgent development, Brose said, because we’re past the time to be worrying about eventualities in cybersecurity. “The thing that I would sort of underscore here is the future is now, the future is not coming,” he said, noting that there are cheap drones and A.I.-enabled weapons being used in conflicts around the world. “We oftentimes talk about getting ready for the future, and I would argue we’ve actually already been ambushed by it.”

To combat that, Todt said CISA is working to enlist talent from all different backgrounds to create comprehensive strategies for protecting against the aforementioned data breaches and ransomware attacks. This effort includes bringing hackers, academics, differently abled individuals, and people from all ethnic backgrounds to create new solutions.

“We think about cybersecurity in math and science, but if we’re truly going to be innovative in looking at these solutions, we have to look at interdisciplinary solutions and therefore individuals that have capabilities that go beyond math and science,” she said. “We need sociologists, psychologists, economists, politicians, historians, all of these types of skills to be brought into government to be able to feed into the solutions and the innovative approaches.” Diversity of thinking, Todt emphasized, is the key to finding solutions, which is why CISA is focused on its diversity, equity, inclusion, and accessibility programs.

“I’m particularly proud of the fact that we’re going to be the second agency to work with MITRE on an accessibility program and we’ll have three individuals with autism working at CISA,” she continued. “We’re going to be bringing on different types of individuals with needs and disabilities, and it’s something that I’ve worked on a lot in other capacities. When we think about how we’re going to build this space, it’s making it accessible to everybody and truly valuing diversity for what it is and what it can contribute.”
