In the US, a massive percentage of the spend on cybersecurity is spent securing the federal government itself and on securing the largest enterprises

That’s an important investment. 

It’s also wildly unbalanced, and has terrifying implications for all of us. 

Digital privacy and safety are becoming a new economic gulf, widening the distance between those who have the resources to secure themselves and their companies, and those who don’t. 

Why should everyone care? Because the fallout of this imbalance affects everyone, directly or indirectly. 

Small and medium-sized businesses can’t afford to be compromised 

Utilities are a prime example of this problem. Different municipalities have their own utilities. Only the largest and most well-funded municipalities have robust IT and security departments. And IT/security is one of the hardest-hit sectors of the Great Resignation, meaning that even municipalities with the resources to hire a strong IT department struggle to find workers. In the case of a breach, there’s no way they can manage reactive forensics, let alone be proactive enough to keep up with every conceivable threat. It’s not just personally identifiable information (PII) that is vulnerable if a utility gets victimized. Think utilities don’t matter? Try having your water supply compromised.  

Agriculture tech is another example. Aside from the very largest, subsidized producers, agriculture operations in the US largely operate on razor-thin margins. Not long ago, a ransomware attack took down a meat processing company. The entire system felt the impact. Now think of the thousands of family-owned and cooperative farms and processors. They certainly don’t have an entire IT/security team. They might be lucky to have one IT employee. Many of them have none.  

We don’t want our utility providers or agriculture system to have to play Whac-A-Mole with cybersecurity threats. We count on these industries to keep us maintaining a basic standard of living. And there are hundreds more examples where these came from. 

It’s not just business, it’s personal 

Digital privacy and safety are also a point of privilege at the individual level. Some people have the resources to prevent victimization or recover from being victimized. Many others don’t. There has been more talk recently of how expensive it is to be low-income in the US. This is yet another way that lack of resources can be devastatingly costly. 

In the US, if you don’t have sufficient resources to buy food, you can apply for assistance. 

It’s by no means a perfect system, but it’s there. 

If you don’t have sufficient resources to pay for medical care, you can apply for assistance. It’s by no means a perfect system, but it’s there. 

If you don’t have sufficient resources to protect your digital security, you’re essentially out of luck. That’s not to say that digital security is as important as food or health care – it certainly isn’t – but I assert that it is a basic right, and it should be treated as such. 

What’s the solution?  

Ideally, the government would allocate more funds to digital security for individuals, families and small/medium-sized businesses. And yet, it’s not that simple. To be effective, it should be a private/public partnership in which industry and government come together to solve the digital security problem. 

We need to start with local educational institutions and emphasize the need for cybersecurity professionals. We need to treat digital security as a noble profession that keeps people and institutions safe and economically stable. We need to educate students and entrepreneurs across disciplines and industries about the importance of prioritizing digital security. 

The government can’t do this alone. It needs to be a cultural shift. Right now, cyberthreat actors are far ahead of most of the rest of the world. If we don’t start taking this seriously and treating it like a fundamental element of security at the government, industry, and individual level, we are just making threat actors’ jobs even easier. We need to act before it’s too late.