March 31, 2021
2020 was a transformational year for the cyber industry worldwide. Evidence abounds - from job creation, rising investment, and to development of new regulation - that cyber is the new social frontier. Personally, it was a year of discovering the thrill of supporting cyber security start-ups to develop and grow their businesses. The key aspect of my role as the NCSC Cyber Accelerator’s Programme Manager is to pre-empt and respond to start-ups’ needs. In practice, it has been a balancing act between playing detective (plenty of technical jargon to catch up on!) and a crash course in resilience, determination and grit.
My immersion into the sector coincided with the erasing of boundaries between the cyber sphere and physical realm. Cyber security solutions increasingly permeate our online lifestyles. Recent rises in online phishing and broader cyber security risks also means that online protection remains front of mind for a majority of internet users. The Accelerator’s start-ups were quick to identify the most vulnerable groups and responded with the rollout of creative solutions. These varied from digital well-being services aimed at parents and families, the financially vulnerable, toy buyers, and recent victims of data breaches to small businesses baffled by changing GDPR regulations - and many more.
I was particularly fascinated by ways in which deep tech products - innovations founded on extensive R&D –engage with evolving narratives around digital and cyber ethics. 2020 accelerated an array of regulatory and ethical questions surrounding our online trails, and more specifically concerning digital identity, data privacy, rights to information, and consideration of bias in algorithms and AI. Many cyber solutions not only aim to tip the balance in favour of the user - they also offer case studies in how to do so.
As public attitudes towards online privacy keep shifting, so does the definition of online privacy itself. Beyond our online activities, the rise and adoption of facial, gait and voice recognition algorithms, as well as geocoded mobile data, calls for greater demand for privacy and trust. Digital identity solution providers, such as the ones supported by the Accelerator, specialise in protecting users against the theft and misuse of their digital identity. Moreover, they address a number of ethical and practical challenges often surrounding digital identity systems, including concerns about profiling, digital exclusion, algorithmic decision making and ease of adoption, to name a few.
Internet users are becoming more aware of digital identity, data privacy and digital footprint challenges. The popularisation of websites disclosing information about online breaches supports the argument for the right of citizens to keep track of the previous consents they give, and for an active control over their data sharing. In response, the Accelerator alumni are working to empower and educate the cyber newcomers about ways of controlling their digital footprint. The new cyber solutions may further inspire responsible and timely security breach notification policies, and answer the thorny questions of how, when and how much information should be disclosed to relevant stakeholders, once the breach has taken place.
While there is no one-size-fits-all cyber offering, the common thread seems to include trade-offs in development and deployment of cyber solutions. Achieving a balance between accessibility and security, privacy and convenience, and functionality and compliance is a regular challenge for technical teams. What is unique in the field of cyber ethics is the evolving demand for balancing security with other values, for example, maintaining both data integrity and data security, and more broadly, balancing security with autonomy, transparency, accountability. A number of rising conflicts are evident in the fields of incident response, data storage and encryption, security testing, network monitoring, IoT and smart grid design, smart cities development, and many more.
Fortunately, the field is drawing in an increasing number of professionals interested in pondering these challenges. It has been very inspiring to encounter the variety of personality types, backgrounds and perspectives of founders I have been working with. The mission of the Accelerator has been to help make the UK the safest place to live and work online. Yet, the lessons I’ve taken away from the Accelerator were equally about self-belief and the confidence to take risks, the grind following the development and validation of deep tech solutions, and an occasional benefit of speaking Klingon at a cyber security gathering.