A note from our editor, Elizabeth MacBride:
The Biden Administration released its cybersecurity policy last week. It shifts the responsibility for cybersecurity explicitly from individuals and small businesses to big tech companies, from Microsoft to Meta (and many more). One line reads, “In a free and interconnected society, protecting data and assuring the reliability of critical systems must be the responsibility of the owners and operators of the systems that hold our data and make our society function, as well as of the technology providers that build and service these systems.”
Note the mention both of companies that “own and operate.” That includes retailers and others, from Target to Marriott, which own data they have collected from customers, possibly a cloud service provider like Amazon that stores that data, and the tech providers, such as Google or Salesforce that “build and service these systems.” This policy impacts makers of software-in-a-box, like Apple and Microsoft, and those who work on SaaS business models (many companies do both).
I think this new policy is akin to the move that put the responsibility for maintaining credit card security onto banks, which has been great for consumers and small businesses.
Related, I wrote a story for CNBC a couple of months ago highlighting the growing movement across the insurance industry and academia to hold big tech companies responsible for the security of their aging products. The story was tough to report. Not because tech executives despise the idea of regulations (smart execs know that regulations can give them cover with their shareholders for changes that might be necessary but expensive) but because it was difficult to find people to speak frankly on the record.
Many people, from academics to executives to founders, fear making powerful tech executives angry, and possible retribution. Tech companies like Google and Apple have generated so much wealth over the past decade or two that their executives and shareholders have gone on to roles in philanthropy, investing and academia. That means lots of people try to curry favor with them, whether it’s for actual funding or their social capital.
Trying to charm a wealthy tech exec through friendly chitchat at a cocktail party doesn’t have much impact on society, one way or the other. But when politicians, deans, board members, investors, managers or employees try to curry favor with wealthy tech execs by becoming self-censoring sycophants, it kills innovation, creativity and political change. I did find people to speak out, eventually, but it took a while.
This is one of the reasons I started Times of E — to fund and publish journalists who know business well enough to highlight the voices that are important but, might otherwise be silenced by prevailing fears. We’re working on rebranding and moving to a new platform this spring, so stay tuned for that!
