Multi-stakeholder initiatives (MSIs) are nowadays widely seen as a solution to address systemic cybersecurity challenges. Are such initiatives delivering the desired result and if not, what can be done to improve their performance?
The WEF Global Risk Report 2020 highlights how ‘unless stakeholders adapt multilateral mechanisms for this turbulent period, the risks that were once on the horizon will continue to arrive.’
Multi-stakeholder initiatives are not new, they have emerged as an attractive new form of governance for mobilizing funding, technology and expertise in a range of policy spaces including, amongst others, climate crisis, health, human rights, conflict prevention, peace building, and more recently cybersecurity.
The creation of a new MSI is typically triggered by the recognition that the scale, complexity and transnational character of a challenge at hand requires multi-stakeholder cooperation. The activity of MSIs varies from establishing dialogues and knowledge sharing to setting industry standards and to encouraging collective action for policy development.
Such initiatives feature the agreement in principle of all participants to work together to achieve a common purpose and to share risks, responsibilities, resources, competencies, and benefits.
The international endorsement for multi-stakeholder cooperation to mitigate the global spread of cyberattacks plague is getting stronger and louder by the day. This has resulted in the launch of a multitude of initiatives at the international level including, amongst others, the World Economic Forum Centre for Cybersecurity, the Paris Call for Trust and Security in Cyberspace, the Global Commission on Stability in Cyberspace, and the Global Conference on Cyberspace.
Can multi-stakeholder initiatives deliver?
MSIs have been widely used as cooperation platforms to complement governmental efforts to implement the Sustainable Development Goals (SDGs) set in 2015 by the United Nations General Assembly and intended to be achieved by 2030. The SDGs are a collection of 17 global goals designed to be a true global blueprint for a sustainable future for our planet, our communities, our families and our economies.
The lessons learned from the MSIs implemented in support of the SDGs could prove very useful to improve existing multi-stakeholder initiatives in cybersecurity and to develop more impactful ones in the future.
Several building blocks have been identified as a foundation for MSIs to fulfil their potential as innovative instruments for multi-stakeholder cooperation:
- Governance model
- Roles and responsibilities amongst stakeholders
- Value-add to stakeholders
- Goal setting
- Investment
- Performance monitoring
- Analysis of external factors
At the strategic level, for MSIs to succeed, it is important to first identify and map stakeholders. When deciding the driving force of stakeholders, consideration should be given to what is the top motivation for each stakeholder and which ones are the biggest supporters and opponents.
Second, a strong plan is paramount for the development of realistic goals. Objectives serve as a means to establish pragmatic expectations amongst participating stakeholders, orient action, and promote commitment to the initiative’s agenda.
Third, key to the success of the MSI is for it to receive sustainable financial and/or human resources from all the participating stakeholders throughout its lifespan. All participants need to be strongly committed to core goals and share in equal measure the responsibility for supporting their implementation.
At the operational level, the institutionalization of the MSI has been identified as a relevant factor to its success too. Its formalization achieves the establishment of clear roles and responsibilities amongst stakeholders as well as of a transparent governance structure to guide and monitor partnership implementation.
Another fundamental aspect that shouldn’t be neglected is the macro level. There could be instances where the MSI co-exists alongside other initiatives which are aimed at addressing similar problems. Therefore, careful examination of the context is paramount for the development of a vision where the MSI is adding value by filling a gap.
There may also be other contextual matters which require careful analysis; for example, a shifting policy landscape could represent an obstacle to unlocking the significant investment potential from the different stakeholders involved.
In conclusion, there is much to be learned from the challenges faced by the MSIs implemented in support of the SDGs. These lessons may prove to be very useful in building more effective multi-stakeholder initiatives in the field of cybersecurity. The more robust the inputs and the governance are, the better the outputs.
Though the MSI approach is not a universal cure that will be able to address all the problems we are facing in the cyber domain, it is widely accepted as the optimal way to achieve effective multi-stakeholder cooperation.