Private cybersecurity companies (PCSCs) have developed cyber capabilities significantly greater than those of many governments, including members of the G20. These capabilities focus on protecting the computer systems of their clients and undertaking forensic investigation to attribute responsibility for cyberattacks. However, without proper oversight, such attributions may also exert unhelpful influence on governments, weakening their response to cyberattacks. While PCSCs currently limit their activities to passive cyber defence, the pressure to move into more active forms of cyber defence could lead them to offering cyber offense capabilities to their public and private sector clients. This would pose serious threats to internet stability and international peace, and impact human rights, security, and the rule of law. The G20 should task a commission with exploring PCSCs’ current and future activities, the need for regulation and how to strengthen government cybersecurity capabilities at the global level, particularly in developing countries. The commission´s report should help the G20 develop a Cybersecurity Action Plan to promote responsible and accountable private cybersecurity practices.
Register for Updates
Would you like to receive updates on the Global Solutions Initiative, upcoming events, G7 and G20-related developments and the future of multilateralism? Then subscribe here!