Across his career of designing and building cybersecurity products, Jadon repeatedly came face to face with an upsetting status quo. There are a ton of great products on the market, but they still aren’t reaching those with the greatest need: consumers, small businesses, non-profits, and even our critical infrastructure. The impacts are crippling, as small businesses make up the backbone of our economy. Yet, the average security posture and technical controls of an SMB suggests that little has changed in the last few decades.

After extensive research into private-side solutions, we’ve concluded that the fundamental issue driving this bad equilibrium is one of mismatched incentives. The increasing need for security among the public and small businesses hasn’t translated into increased demand that the market can measure because of structural issues, some of which the Biden administration has recently come to acknowledge.

Small businesses do not have the cash or mindshare to devote to cybersecurity, and VC-backed innovators find it almost impossible to create and sell products to this segment before being forced back towards catering to enterprises. What’s more, technology alone can’t solve this issue. Adoption of technology controls relies also upon overcoming significant cultural, language, and privacy barriers that further characterize the SMB segment as financially unviable for entrepreneurs.

In short, this problem is not going to get solved if we, as a nation, keep prioritizing profits and relying on the free market or government to solve on their own.

Between November and February, from Rome to Washington D.C., birdwatchers and locals alike gather at dusk to see the curious swarm behavior of starlings called murmuration. As the poet, John Updyke writes:

The ephemeral Rorschach test has its clear benefits– the dazzling display leaves predators confused and intimidated. Yet, scientists have long puzzled over how the flock dynamics are possible– how is the group able to coordinate with each other? Modern mathematical models suggest that each individual starling instincitvely modulates its behavior based on its nearest 6-7 neighbors.

Hence, the inspiration for Murmur, a social venture with 501(c)(3) status. Cyber criminals target SMBs because they are easy prey. Our mission is to facilitate a Common Cyber Defense that makes the asymmetric protection of SMBs possible:

• Create free, publically accessible research that policy-makers and product leaders can use to inform policy and product creation.
• Develop a technology stack that is designed to be both comprehensive and affordable for small businesses to safeguard their businesses from cybersecurity threats. Work with security vendors to extend their offerings to business owners that would benefit from their products but do not fit their Ideal Customer Profile.
• Work in collaboration with governmental officials at the local, state, and federal level to facilitate adoption of good cybersecurity protections across the small business sector, including through public-private partnerships to facilitate not only awareness, but importantly, actual implementation of cybersecurity controls.

As far as we are concerned, this status quo is intolerable. American small businesses alone are suffering billions of dollars in damages every year thanks to cyber crime, a figure that has risen sharply over the last 5 years and continues to rise. These businesses are being targeted by criminals – often foreign-based and often backed by America’s geopolitical rivals – who steal crucial data or functionality, then force those businesses to pay ransoms to avoid destruction. Typically, those who pay are re-ransomed in short order, a cycle that usually spells death for the business that has been attacked.

Imagine if foreign cartels were breaking into small businesses, locking the owners out, and demanding ransom payments, or else burning businesses to the ground. No one would tolerate this. Yet essentially, that is exactly what’s taking place online at a massive scale.

So how did we get here? Part of the problem is that we as a society have been slow to adjust to the security implications of modern technologies. Our law enforcement is laser focused on securing critical infrastructure, the public is ignorant, and the government has only recently begun to pour funding into helping “target rich, cyber poor” organizations bootstrap their security programs.

On the other hand, cybersecurity innovation requires insane agility to keep up with constantly evolving threats, something the government lacks even when playing to its strengths. Tech and the private sector are the only ones well situated to handle this problem, but until the incentives get fixed, we will stay stuck in this mire.

This is the textbook case for social entrepreneurship – a bad equilibrium with a clear vision for a better state. Fortunately, there has been movement for some time towards trying to educate the public, raise awareness, and train small businesses and employees. These are valuable missions that lay the foundation for real change. But at the end of the day, this is a technological problem that demands a technological solution.

It is time that we try a new approach: a social venture that directly takes on the burden of building technology that moves our small businesses confidently into modernity, drives collaboration between industry and government to correct market failures, and protects our country’s most vulnerable. It’s time for a murmuration.