A Framework for the Global Governance of Private Cybersecurity Companies

This Policy Brief was first published in https://t20ind.org


Private cybersecurity companies (PCSCs) have developed cyber capabilities significantly greater than those of many governments, including members of the G20. These capabilities focus on protecting the computer systems of their clients and undertaking forensic investigation to attribute responsibility for cyberattacks. However, without proper oversight, such attributions may also exert unhelpful influence on governments, weakening their response to cyberattacks. While PCSCs currently limit their activities to passive cyber defence, the pressure to move into more active forms of cyber defence could lead them to offering cyber offense capabilities to their public and private sector clients. This would pose serious threats to internet stability and international peace, and impact human rights, security, and the rule of law. The G20 should task a commission with exploring PCSCs’ current and future activities, the need for regulation and how to strengthen government cybersecurity capabilities at the global level, particularly in developing countries. The commission´s report should help the G20 develop a Cybersecurity Action Plan to promote responsible and accountable private cybersecurity practices.

Latest Policy Briefs

Register for Updates

Would you like to receive updates on the Global Solutions Initiative, upcoming events, G7 and G20-related developments and the future of multilateralism? Then subscribe here!

1 You hereby agree that the personal data provided may be used for the purpose of updates on the Global Solutions Initiative by the Global Solutions Initiative Foundation gemeinnützige GmbH. Your consent is revocable at any time (by e-mail to contact@global-solutions-initiative.org or to the contact data given in the imprint). The update is sent in accordance with the privacy policy and to advertise the Global Solutions Initiative’s own products and services.