Marking the end of the Cyber Initiative

Throughout the initiative’s 10-year run, we were cognizant that Hewlett alone could never completely “solve” the cyber challenge; the array of cybersecurity issues facing societies was and remains too massive, complex, and ever-changing. Rather, we strived to build a strong foundation for a field that could sustain itself after our planned exit. We aimed to be catalytic in our funding, leveraging our relatively modest resources to have an outsized impact and attract other funders.

When the Cyber Initiative launched nearly a decade ago, the cyber field was small and siloed in various technical and nontechnical disciplines and communities. Few nonprofits focused on cyber issues, and most cyber work was either government-led and related to national security, or private sector-led and focused on securing corporate networks or building new technical tools. The lack of multidisciplinary knowledge, long-term policy planning, and experts with sufficient knowledge to bridge these gaps was acute. Likewise, there were few connections among the disparate actors and no shared language or frameworks to facilitate problem-solving or develop applied solutions to emergent challenges.

The field has come a long way since then and is now larger, more robust, and beginning to become more diverse. Cyber policy is no longer a niche area, but rather one well-known to both the public and leaders across society. The field benefits from an expanding pipeline of new talent from an array of academic institutions, a diverse tapestry of cyber-focused nonprofits, and a small but growing cadre of experts who move seamlessly between sectors and between technical and nontechnical communities. Cyber is no longer exclusively the domain of governments and companies; civil society plays an increasingly important role, with its experts routinely cited in news stories, and their research credited for informing key policy and business decisions.

We are confident saying that Hewlett’s Cyber Initiative was indispensable in building this cyber policy field. Proving that is more challenging. Attribution is notoriously elusive, especially given the expansiveness of field building and dynamic properties of complex systems. Did our grantmaking generate a wave of interest in cyber policy, or did we merely ride a wave of interest stemming from exogenous developments? The best answer is that we did both. As the authors of a summative evaluation we commissioned of the initiative from the consulting firm Informing Change put it, the evidence “strongly supports … most grantees’ assessment” (and ours) that the Cyber Initiative played a unique and critical role in building the cyber policy field, including especially as a convener and provider of flexible, capacity-building support.

In addition to the summative evaluation of the Cyber Initiative, the foundation commissioned a number of other external projects intended to help us understand what we accomplished and what we learned along the way:

• We asked our colleagues at BAYCAT (also a grantee of Hewlett’s Performing Arts Program) to create a short video with interviews of key Hewlett Foundation staff and Cyber Initiative grantees, reflecting on their accomplishments and thinking about what’s next for the field.
• To understand our Cyber Initiative’s place in the larger story of the development of the cyber policy field, we asked historian and author Garrett Graff to write a short history of the field’s growth over the past 25 years.
• Scholars at George Washington University completed a final assessment of how media coverage of cyber issues has changed over the course of the initiative — a longitudinal study we commissioned to help us measure the impact of our grantmaking supporting improved “translation infrastructure” in the field.
• Our grantees at UC Berkeley’s Center for Long-Term Cybersecurity created a comparative study of interdisciplinary cybersecurity education and curricula, by researchers Lisa Ho, Shaar Rabieib, and Drake White.
• And finally, we asked graphic recorder Angelique McAlpine to create this visual representation of the themes that emerged from a session on The Next 10 Years of Cyber Policy at our final grantee convening in the fall of 2023.

Taken together, these works reflect our own understanding of what we achieved, where we fell short, and what we learned about both the cyber policy field and the broader view of philanthropic field building. We believe that the Hewlett Foundation showed foresight in recognizing the importance of cybersecurity as a priority that philanthropy could and should support. The Cyber Initiative played a catalytic role building a cyber policy field to help guide decision-makers through a rapidly evolving problem space.

We are tremendously grateful to all of the organizations and individuals who contributed to the growth of the field over the past decade — as grantees, fellow funders, and colleagues working in civil society, government, and industry. The dedication, creativity, and vision of the cyber field is keeping individuals and societies around the world safer online. The foundation that we collectively laid is solid and will persist and thrive after the foundation’s exit.