A contingent of leading cybersecurity organizations and nonprofits published an open letter on Friday, calling for large philanthropic foundations and internet billionaires to consider donating to their causes, citing a paucity of available grants and funds.
Posted at CyberPhilanthrophy.org, the letter links to the Peace and Security Funding Index, which shows that cybersecurity grants comprised 4.03 percent (or $15.2 million) of the $376.8 million that foundations allocated to peace and security causes in 2018 – the last full year of available data. That percentage shrinks if you look at the data since 2012; however, in recent years, cybersecurity has become more of a priority. In 2018, cybersecurity was the 11th most funded cause on the index, compared to 17th when it first made the list in 2015.
Still, cyber organizations are hoping that more do-gooders will join the ranks of the William Flora and Hewlett Foundation, Craig Newmark Philanthropies, and the Gula Tech Foundation, all three of which have historically committed funds to cybersecurity causes and also signed the letter.
Signatories also include nonprofit executives Mari Galloway, CEO of the Women’s Society of Cyberjutsu, and Kristin Judge, CEO and founder of the Cybercrime Support Network (CSN). Judge and Golloway told SC Media in a joint interview that while many high-tech and cybersecurity leaders like Microsoft, Google, Trend Micro, Comcast and AT&T have historically been big givers to cyber nonprofits, everyone is competing for the same funds, and there is only so much to go around.
“Within the last two years you’ve seen this boom of nonprofits,” said Galloway, whose organization raises awareness of cyber career opportunities for women. “And we're all fighting for the same money… And so it does make it difficult because now you have to oversell your benefits and ROI for your organization. It shouldn't necessarily have to be like that.”
Therefore, more potential funders have to step up. The problem, however, is that many large foundations, ignore cybersecurity altogether. “A lot of folks, they don't believe in cybersecurity until they get hit by some kind of attack,” Galloway said.
Judge has faced the same problem, finding that many philanthropic organizations don’t think cyber aligns with their areas of interest, be it economic development and disparity, education or mental health. “But it really does. They just haven't been educated, so we really want to help educate people that are giving, that they may have talents or tools or resources or software or funding that really could help this larger ecosystem.”
“The cybersecurity industry has not done a good job engaging the general public, and this includes philanthropic organizations,” said Gula Tech Foundation co-founder Ron Gula, president of Gula Tech Adventures. “Most general philanthropic organizations don't see cyber as an opportunity for social and economic change like they do climate, health or racial equality.”
According to Judge, CSN has been particularly hit hard in recent years, as one of only two only victim services organizations that address cybercrime. CSN used to receive federal funding from the federal Victims of Crime Act, which sets up a Crime Victims Fund that’s stocked through the collection of criminal fines and seized criminal profits. But “the previous [White House] administration basically gutted that by not going after white collar crime and RICO cases. So all of that money is somewhat devastated now,” she said.
Judge said cybercrime victims are the “largest victim class in the United states and growing exponentially, and no one is supporting them.”
While it does not name names, the open letter suggests who the nonprofits are chiefly targeting for more funding: internet-made billionaires.
“One group of funders, in particular, could be playing a vital role fostering a field of disinterested cyber policy expertise: the entrepreneurs who made vast fortunes creating the very technologies that give rise to these threats,” the letter states. “The current generation of internet pioneers, which is only now beginning to realize the responsibility that comes with… success, has the knowledge and unique perspective to make a difference on issues impacting cyber policy and the lives of internet users. The nascent field, and society as a whole, needs their voices… and their dollars.”
Said Judge, “There's a lot of wealth out there, and we just want to make sure those people understand that there's some incredibly organized and efficient nonprofits that are working on shoestring budgets and doing a humungous lift – and that we could lift even further if we had some of those folks paying attention.”
The nonprofit leaders would also like to see certain industries play a bigger role in cyber contributions – especially those that have and will continue to benefit from improved cybersecurity practices and a stronger cyber workforce. These includes finance, education and social media giants.
“Social media… is one of the largest threat vectors,” said Judge. “When people come to us looking for help, one of the number one places they say they were scammed was on social media. So there is a large role for social media to play in this space.”
The organizations that have endorsed the letter provide a myriad of cyber-related services that ultimately serve society. Some help close the cyber skills gap by offering training and education services, others provide cyber solutions and services to small businesses or underserved communities, while still others develop and promote cyber policies.
Additional signatories include top executives from the Center for Cyber Safety and Education; the Cloud Security Alliance; the Cyber Readiness Institute; the Cyber Readiness Institute; the CyberPeace Institute; the CyberWyoming Alliance; the Global Cyber Alliance; the Identity Theft Resource Center; the International Consortium of Minority Cybersecurity Professionals; the Internet Security Alliance; the National Center for Victims of Crime; the National Cybersecurity Student Association; the National Sheriffs’ Association; the National Technology Security Coalition; the Observatory on Social Media; One in Tech, an ISACA Foundation; the R Street Institute; SecureTheVillage; Silverado Policy Accelerator, Inc.; STOP. THINK. CONNECT.; TechCongress; The Global Forum on Cyber Expertise Foundation; Third Way; and Women in CyberSecurity.
Three additional individuals also signed, but their current affiliated organizations were not specifically referenced in the letter: Michael Daniel, president and CEO of the Cyber Threat Alliance and former Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council Staff; Elayne Starkey, former Delaware CSO/CISO; and Tony Sager, senior vice president and chief evangelist for the Center for Internet Security, and former NSA information assurance professional.
The letter also introduced the hashtags #CyberPhilanthropy and #ExpandCyberFunding.