By Darren Thomson, Field CTO EMEAI at Commvault

It is no exaggeration that governments play an absolutely pivotal role in delivering effective cybersecurity. From regulation to investment, national leaders establish priorities, set goals and determine the urgency of our collective efforts across an increasingly alarming range of issues.

With that in mind, where should our leaders focus their time and public investment and what benefits can we expect from improving the existing public-private approach?

Focus on global cybersecurity standards and regulations

Governments must work together to overcome current international enforcement challenges.

While there has been a significant and welcome acceleration in the rollout of domestic and regional cybersecurity regulations, what’s needed next is more effective global coordination. The starting point should be establishing a broad consensus on what is required to address cybercrime and a benchmark for minimum performance standards. Without a more unified approach, regulatory blind spots are inevitable and this can only benefit threat actors.

In the EU, for example, cross-border enforcement remains an ongoing issue with the European Parliament still working to harmonise the response of member states. This illustrates the wider challenge of ensuring regulatory and enforcement cooperation becomes more effective.

Focus on collaboration and information sharing

If governments are going to improve their ability to deliver coordinated action to address cybersecurity issues, I believe there needs to be a much greater emphasis on collaboration and information sharing.

On a domestic level, improving information sharing between government organisations and the business community is key. Effective threat intelligence, for instance, fundamentally depends on proactive collaboration so all stakeholders can act on emerging security risks with the same level of insight. Granted, there is sometimes the need to keep certain information confidential but there remains space for increased collaboration without compromising security.

Remember, this is a two-way street and the private sector already has an established and highly specialised threat intelligence community that could be more effectively integrated into public-sector cyber defence strategies.

Focus on AI

Governments need to focus investment decisions to further support the current levels of technology innovation that drive improvements in cybersecurity. Whether it’s working closely on joint R&D programmes with established industry leaders or improving funding options for startups, the potential for progress is huge.

In the case of AI, the genie is already out of the bottle and there should be a real sense of urgency attached to ensuring organisations can stay ahead of the risks posed by AI-powered malware and other cybersecurity risks. While the private sector is already investing heavily to bring new solutions to market, governments need to lead efforts so threat actors don’t gain a decisive advantage in what’s become an increasingly frantic AI arms race. The EU AI Act, which came into force from August 1 this year, is a good start but it is only applicable to the one region. To truly get a handle on the use of AI and protect organisations from the activities of cybercriminals, governments across the world should consider following suit.

Focus on quantum computing

In the case of quantum computing, where research is largely happening in the private sector, the role of government should be to back the most promising technologies. When these technologies become viable, they are certain to usher in another wave of cybersecurity risk and, collectively, we can’t afford to be playing catch up.

In the same way AI has overtaken us quicker than expected, it’s likely the same will happen with quantum computing. I believe now is the time for governments to offer leadership and give guidance in advance of the potential new risks. Quantum potentially turns this on its head completely and, without preparing for this possibility, the consequences could be devastating.

Focus on the cybersecurity workforce

The global cybersecurity industry suffers from a longstanding talent gap that has a serious impact on the ability of organisations to deliver effective protection. The most recent study from ISC2, for example, revealed that the global cybersecurity workforce gap currently sits at four million people.

Clearly, this problem isn’t easy to fix but I believe governments should take a more active role in developing the cybersecurity workforce by providing funding, resources and support for educational programmes. In many places, there remains a significant disparity between education systems and the skills required for cybersecurity careers.

Despite these various challenges, there should also be optimism. Proactive governments that engage fully with the private sector can be a real force for good in an era where we face more cybersecurity risks than ever before. Get it right and we can have much more confidence that our connected societies will operate with minimal disruption.