Strengthening Public-Private Partnerships: The Key to Cybersecurity’s Future

The Role of Private Equity in Cybersecurity

As the managing partner investing in cybersecurity at Thoma Bravo, I was initially apprehensive when asked to participate in a cybersecurity panel at the 2023 Milken Institute Global Conference. Surrounded by experts in government and public sector cybersecurity, representing the voice of the private sector seemed like a daunting task. However, as a private equity firm that has been investing in cybersecurity companies since 2009, Thoma Bravo has a significant role to play in shaping the future of cybersecurity.

Thoma Bravo’s portfolio of cyber companies has an enterprise value close to $40 billion, generating total annual revenue of $5.8 billion and employing over 20,000 people. Our goal is to build great cybersecurity companies through innovation and business management, ultimately generating returns for our investors. This experience positions me to provide valuable insight into the world of private sector cybersecurity.

Common Challenges and Goals

While the public and private sectors may seem like different cultural contexts for discussing cybersecurity, they share fundamental challenges and goals. Both sectors are responsible for protecting the digital economy and society as a whole. As digital transformation progresses, the lines between public and private sectors blur, necessitating collaboration and partnership.

Public-private partnerships (PPPs) have emerged as a way to bridge the gap between the public and private sectors, pooling resources and expertise to strengthen cybersecurity on a societal level. However, many PPPs focus on high-level and abstract aspirations without tangible actions. In private equity, we prioritize concrete actions that create efficiencies, enhance performance, and deliver measurable outcomes in security and business terms.

Advancing Public-Private Cybersecurity Partnerships

Through my participation in the Milken panel, I identified four key areas where the public and private sectors can collaborate to enhance cybersecurity:

1. Adapt the Calculus

Understanding the motivations and calculations of bad actors is crucial to making informed decisions about cybersecurity priorities and investments. Hacktivists, state actors, and profit-seeking criminals have different rational calculations. By sharing knowledge and insights about these calculations, public and private defenders can align their strategies to better defend against cyber threats.

2. Cover the Basics

The weakest links in cybersecurity often lie in overlooked or neglected areas. Basic protections, such as two-factor authorization and identity management, play a significant role in strengthening defenses. Governments and private companies must prioritize fundamental cyber hygiene to effectively safeguard their systems. By focusing on these basic yet essential measures, defenders can make a significant impact on cybersecurity.

3. Innovating for Profit

R&D investments are crucial for the future of cybersecurity, particularly in the face of rapidly advancing digital technologies. However, productive R&D requires a focus on profitability and business discipline. Great innovation should align with business objectives to ensure its practical implementation. By integrating profitability into cybersecurity R&D, we can maximize the value of innovation and drive meaningful progress in defense.

4. Learning to Row

Information sharing between the public and private sectors is essential for effective cybersecurity. Building a systematic and specific approach to information sharing, even outside of times of crisis, strengthens coordination and collaboration. By practicing regular information sharing, both sectors can develop the necessary muscle and coordination to act swiftly when faced with cyber threats. This unified approach will contribute to a more secure digital environment.

The Future of Cybersecurity

Participating in the Milken panel reinforced my belief in the critical role that public-private partnerships will play in shaping the future of cybersecurity. However, successful partnerships require less finger-pointing and more substantive collaboration. It is essential to identify specific areas for partnership and consistently measure results to benefit society as a whole.

Cybersecurity is a complex and ever-evolving field that demands the collective efforts of the public and private sectors. By leveraging private sector pragmatism and expertise, we can accelerate progress in enhancing global cyber coordination. Strengthening public-private cybersecurity partnerships will fortify our digital defenses and protect the fabric of our digital economy and society.

Advice for Building Strong Public-Private Partnerships:

• Focus on concrete actions and measurable outcomes rather than abstract aspirations.
• Understand the motivations and calculations of different threat actors to inform cybersecurity strategies.
• Prioritize basic cybersecurity measures, such as two-factor authorization and identity management, to strengthen defenses.
• Channel R&D investments towards profitability and business objectives to drive impactful innovation.
• Establish systematic and specific information sharing practices to enhance coordination between the public and private sectors.
• Ensure partnerships are based on collaboration, with a common goal of societal benefit.