The CyberPeace Institute, a significant new global initiative dedicated to safeguarding vulnerable populations from the increasing threat of hackers, was officially launched on September 26, 2019. Headquartered in Geneva, Switzerland, the institute aims to prevent the internet from being weaponized by fostering collaboration within the international community. This ambitious endeavor has garnered substantial support, receiving initial funding from prominent organizations such as Microsoft Corp, Mastercard Inc, and the Hewlett Foundation.

Marietje Schaake, the President of the CyberPeace Institute, outlined the organization's immediate plans to assemble a team of over 20 staff members in its inaugural year. This team, in conjunction with global collaborators, will focus on responding to major cyberattacks that inflict tangible harm on individuals and critical infrastructure, such as incidents that disrupt hospitals or cripple businesses. A core objective highlighted by Schaake is to enhance transparency and accountability concerning cybercrime, stating, “We want to bring more transparency and accountability, and we want to focus on helping civilians who may have experienced harm or become the collateral damage of the cyberattack.”

The institute boasts a robust governance structure, featuring an eight-member executive board and a 14-member advisory board, composed of a diverse group of technical and legal experts alongside human rights advocates. Stéphane Duguin, CEO of CyberPeace, articulated the institute's intention to actively influence global policy and international laws pertaining to cyberattacks. A key aspiration is to promote “responsible behaviour” among both state and non-state actors in the digital realm.

In its operational capacity, the CyberPeace Institute plans to offer technical support to groups identified as victims of cyber incidents. Furthermore, it will publish public reports and detailed technical findings on specific attacks, which could assist others in tracking down the identities of perpetrators. However, a crucial aspect of their approach is the decision not to publicly attribute responsibility for attacks, recognizing the potential political implications and sensitivities involved in such pronouncements, even when strong indicators exist.

The Hewlett Foundation’s involvement in funding this initiative was clarified by Eli Sugarman, a member of the Institute’s executive board and program officer for the Foundation’s Cyber Initiative. He highlighted three primary motivations: first, the institute’s capability to analyze and investigate harmful attacks, thereby drawing attention to them and encouraging accountability; second, its role in promoting international norms of behavior to protect civilians and delegitimize cyberattacks; and third, its commitment to assisting victims in their recovery and ensuring their future safety.

Brad Smith, President of Microsoft, underscored the significant “real-world impact” that cyberattacks can have on people’s access to fundamental services like healthcare, banking, and electricity. He emphasized the institute's vital role in uniting individuals across civil society and the tech sector to facilitate the sharing of data, best practices, and technology, thereby bolstering global resilience against cyberattacks. Smith stated, “The CyberPeace Institute will help do just that.”

The establishment of the CyberPeace Institute comes at a critical time, amidst a global landscape where technological advancements are increasingly accompanied by high-profile privacy and cybersecurity breaches. Countries like Nigeria, for instance, face substantial financial losses, with ministries, departments, and agencies estimated to lose over N127 billion annually to cyberattacks, not including losses incurred by the private sector. The alarming rate, increasing sophistication, and sheer boldness of cybercriminals necessitate comprehensive solutions. While cybersecurity regulations, such as Nigeria's Central Bank Cyber Security Framework, are crucial, the institute aims to facilitate vital information sharing across regulatory bodies to ensure relevance and adherence to best practices, ultimately preventing the further weaponization of the internet. An initiative like CyberPeace holds significant promise in substantially reducing the extent and frequency of damage caused by cyberattacks.