Marking the end of the Cyber Initiative

In 2014, the Hewlett Foundation launched a five-year Cyber Initiative to build a more robust and capable cyber policy field. With an initial budget of $4 million per year, the initiative grew in size and was then extended in 2017 for an additional five years, with an increased budget of $10 million per year. Two one-time special allocations for a small number of university anchor grants — one in late 2014 and a second in 2022-23 — increased the total charitable giving on the initiative to $160 million over its 10-year lifetime, which concluded at the end of 2023.

The Cyber Initiative’s goal was to cultivate a field of institutions to which decision-makers can turn, and in which the public can place confidence, for solutions to pressing cyber policy challenges. We pursued that goal via three distinct but mutually reinforcing substrategies: building a set of core institutions with sufficient depth of expertise to deliver solutions to pressing cyber policy problems; creating a talent pipeline that produces experts with the necessary mix of technical and nontechnical skills and knowledge to staff these and other institutions, including government and industry; and supporting the development of organizations and experts capable of translating and disseminating the work of these institutions in forms that can be used by decision-makers and understood by the public.

Throughout the initiative’s 10-year run, we were cognizant that Hewlett alone could never completely “solve” the cyber challenge; the array of cybersecurity issues facing societies was and remains too massive, complex, and ever-changing. Rather, we strived to build a strong foundation for a field that could sustain itself after our planned exit. We aimed to be catalytic in our funding, leveraging our relatively modest resources to have an outsized impact and attract other funders.

When the Cyber Initiative launched nearly a decade ago, the cyber field was small and siloed in various technical and nontechnical disciplines and communities. Few nonprofits focused on cyber issues, and most cyber work was either government-led and related to national security, or private sector-led and focused on securing corporate networks or building new technical tools. The lack of multidisciplinary knowledge, long-term policy planning, and experts with sufficient knowledge to bridge these gaps was acute. Likewise, there were few connections among the disparate actors and no shared language or frameworks to facilitate problem-solving or develop applied solutions to emergent challenges.

The field has come a long way since then and is now larger, more robust, and beginning to become more diverse. Cyber policy is no longer a niche area, but rather one well-known to both the public and leaders across society. The field benefits from an expanding pipeline of new talent from an array of academic institutions, a diverse tapestry of cyber-focused nonprofits, and a small but growing cadre of experts who move seamlessly between sectors and between technical and nontechnical communities. Cyber is no longer exclusively the domain of governments and companies; civil society plays an increasingly important role, with its experts routinely cited in news stories, and their research credited for informing key policy and business decisions.

We are confident saying that Hewlett’s Cyber Initiative was indispensable in building this cyber policy field. Proving that is more challenging. Attribution is notoriously elusive, especially given the expansiveness of field building and dynamic properties of complex systems. Did our grantmaking generate a wave of interest in cyber policy, or did we merely ride a wave of interest stemming from exogenous developments? The best answer is that we did both. As the authors of a summative evaluation we commissioned of the initiative from the consulting firm Informing Change put it, the evidence “strongly supports … most grantees’ assessment” (and ours) that the Cyber Initiative played a unique and critical role in building the cyber policy field, including especially as a convener and provider of flexible, capacity-building support.

In addition to the summative evaluation of the Cyber Initiative, the foundation commissioned a number of other external projects intended to help us understand what we accomplished and what we learned along the way:

Taken together, these works reflect our own understanding of what we achieved, where we fell short, and what we learned about both the cyber policy field and the broader view of philanthropic field building. We believe that the Hewlett Foundation showed foresight in recognizing the importance of cybersecurity as a priority that philanthropy could and should support. The Cyber Initiative played a catalytic role building a cyber policy field to help guide decision-makers through a rapidly evolving problem space.

We are tremendously grateful to all of the organizations and individuals who contributed to the growth of the field over the past decade — as grantees, fellow funders, and colleagues working in civil society, government, and industry. The dedication, creativity, and vision of the cyber field is keeping individuals and societies around the world safer online. The foundation that we collectively laid is solid and will persist and thrive after the foundation’s exit.

Search Our Grantmaking

By Keyword