Improving cybersecurity must be a collective effort. Here are three achievable steps the government, private sector, and broader public can take to make a difference now.

Chris Hallenbeck, CISO for the Americas at Tanium

August 10, 2021


The idealistic role of technology has always been to make our lives easier, better, safer. The unintended consequence of such a "noble" vision, though, is that sometimes we as consumers just assume the technology industry is selling more products by serving this public interest. We disengage rather than ask more complicated, critical questions.

Additionally, we are taught to be cost-conscious in our consumption, so personal technology investments are often a race to the price bottom. Given the choice between paying more for a secure thermostat, or buying the cheapest one found online, many will select the economical option. When cost and user-facing features are the primary purchasing drivers, security will lose every time.

For motivated technology vendors, that's not such a bad thing — it means less scrutiny and accountability. But from a consumer perspective, it's incredibly detrimental.

More Eyes, More Accountability, More Progress
Good things almost always come when technology steps out of the shadows and elevates to a "mainstream" issue.

Look at smart assistants. When first introduced, consumers assumed these devices were purely helpful in nature, there to automate and streamline simple tasks through verbal commands. It wasn't until years later that people began to critique their "always-listening" features as a privacy overstep. This public backlash resulted in Amazon, Google, Apple, and other manufacturers offering more transparency about the information smart assistants collect. They also made it easier for users to prevent and delete voice recordings.

The "mainstream" effect is a powerful force for change. And it's time that happens in cybersecurity.

Cybersecurity Awareness Is Improving but It's Not Enough
Most people only think about cybersecurity when they get a fraud alert from their bank, or when their employer's IT department tells them to change their password. Even then, unless end users experience a consequential impact on their lives, they tend to prioritize convenience over security. Companies and society overall have come to accept intrusions and loss of privacy as a "cost of doing business."

Due to an abdication of personal responsibility ("I don't need to worry about security, that's what the tech teams are for!"), general fatigue (many have become numb to the steady drumbeat of breaches and attacks), and an overall lack of cyber education, everyday people don't actively think about cybersecurity.

And though awareness is improving — a recent Harris Poll found that a third of Americans believe defending against cyberattacks should be a top priority for the federal government this year — it's not enough. All too often, security suffers from a bystander effect where nearly everyone within an ecosystem assumes another party will address the problem. The other issue with a broad ecosystem is that pain is rarely felt by enough people to create a sense of shared, sustained urgency.

How We Can Collectively Make Cybersecurity "Mainstream"
Given how critical cybersecurity is — affecting our ability to fill our cars with gasoline or rely on the meat packing supply chain — no one can afford to duck responsibility. Improving cybersecurity is a collective effort. Here are three achievable steps the government, private sector, and the broader public can take to start moving the needle.

  • States can pass stronger cybersecurity legislation: For example, California's Song-Beverly Consumer Warranty Act ("lemon law") contains a section that applies to electronics costing more than $100. The manufacturer must make replacement parts available even after the warranty period expires. Such a law can and should be expanded to require technology devices to have sufficient memory and data storage capacity to handle security updates, and the law should establish standards for when and how updates must be provided. Ideally and by default, updates should be applied with minimal consumer intervention. Unfortunately, at this time, measures like this will have to be a state-by-state effort, as an update to national laws like the Magnuson-Moss Warranty Act is unlikely.

  • The private sector must set higher standards: Much as the private sector has adjusted to government requirements that electronic devices be planet-friendly, companies need to plan for a "security lifecycle" that extends beyond the 0-, 90-, or 365-day warranties typical of many consumer electronics. Forward-thinking companies should also look at establishing an industry association certification for devices that meet a published security standard.

  • Companies need to proactively bring consumers into the conversation: Consumers must be brought deliberately into the fold. We've witnessed past success with consumers demanding products that are more recyclable and less harmful to the environment. Businesses can help create a similar consumer demand for security by developing an industry standard with a designated certification logo for products and packaging, as mentioned above.

Technology has — and will continue to be — a powerful force in our society. But for too long, we have let cybersecurity run in the background, expecting it to work. We can no longer afford that kind of apathy. Cybersecurity affects all of us, and it's time to make it the national, public-facing issue it deserves to be.

About the Author(s)

Chris Hallenbeck

CISO for the Americas at Tanium

Chris Hallenbeck is CISO for the Americas at Tanium. Chris provides security leadership and operational insight gained from over 20 years in both the public and private sectors. Chris came to Tanium after almost 7 years of government service at the U.S. Department of Homeland Security's US-CERT. At US-CERT he designed and built their incident response capabilities, and restructured the team's focus toward strategic remediation with a goal of building more resilient organizations. Prior to joining US-CERT, Chris worked for RSA Security as a security engineer and with AOL/Time Warner on their global incident response team.
