Increasingly, the public and private sector are being tasked to share threat intelligence as part of what the Biden administration calls a “whole-of-the-nation” approach to improving the nation’s cybersecurity. To understand how public-private partnerships can improve, RSA Conference and MeriTalk surveyed 100 Federal and 100 private sector cybersecurity decision-makers to gauge where government agencies and private organizations have made progress and in what areas they can continue to improve.
The survey yielded interesting results and identified common beliefs as well as key perception gaps. Of those surveyed, nearly all (93%) agree that public-private partnerships are vital to national defense, “95% say improved information sharing will provide critical insight in an interconnected world, and 97% feel successful public-private partnerships are key to their organization’s cyber resilience.”
What’s holding organizations back from sharing information? According to the survey results, (69%) of cybersecurity decision-makers reported that they have some reservations when it comes to information sharing with concerns about data privacy, lack of trust, and lack of streamlined information-sharing requirements identified as common roadblocks to information sharing. Still, the vast majority of survey participants (92%) said they actively share intelligence with partners, which include CISA, ISACs, NSA, FBI, and others. However, only 42% of private-sector respondents said they share information with the government, and a mere 23% of cyber-decision makers believe the government shares threat intelligence with the private sector.
The survey is a testimony to the sustaining perception that strengthening private-public partnerships will help to minimize systemic risk and mitigate supply chain risks. Federal agencies and the intelligence community recognize that most private organizations believe a government-led partnership is the best path forward, and several sessions on the RSA Conference 2022 agenda evidence that they are acting on that duty. Affirming that threat intelligence sharing remains critical to combatting cybercrime and fraud, representatives from CISA, DHS, the FBI, and other federal agencies will take the stage to establish the awareness that coordinated incident response, identifying risk, and using threat intelligence strategically are essential steps toward protecting critical infrastructure.
Understanding the perceptions each sector currently holds is vital to continued progress. It’s also vital to determine roles and responsibilities for the key elements of cyber defense so that public and private organizations are better able to work together and reduce cyber risk. To read the full report, Reimagining PublicPrivate Partnerships: Minimizing Systemic Risk and Transforming National Cybersecurity Resilience, visit www.rsaconference.com.