Skip to content

Microsoft Secure

Microsoft is looking for great student research on the future of cybersecurity policy. If you have conducted or plan to conduct such research, read on for information on how you can win a $5,000 cash prize for your research in our Cybersecurity 2020 essay contest.

Cybersecurity is a policy priority for many governments but there is limited understanding of whether and how policy choices impact cyber risk outcomes.  While many countries have made significant investments in the development and implementation of cybersecurity policy regimes, cybercriminals continue to make headway.  At the same time, the cyber ecosystem is undergoing tremendous change.  The growth in Internet users across Asia, Africa, and Latin America; the proliferation of connected devices; and the explosive rise in Internet traffic are just a few of the mega-trends reshaping the Internet.

In light of these challenges, we are looking for original research about these cybersecurity policy challenges from university students.  Specifically, research should address one or both of the following questions; in both instances, preference will be given to responses that integrate quantitative analysis using publically-available cybersecurity data and research, such as Microsoft’s Security Intelligence Report (SIR):

  1. Which cybersecurity policy choices have the most impact on cybersecurity outcomes and, based upon your answer, are there “actionable” recommendations for policymakers?
    1. For example, have national-level regimes for securing government networks had a meaningful impact on cybersecurity?  How might those regimes be improved?
    2. Additionally, for example, can cybersecurity policies impact user-level security?  And if so, how?

  2. Given the growth in people, devices, and data connected to the Internet, how should policymakers adapt current approaches, and are there elements missing from the current policy landscape that should be created, or existing instruments that should be deprecated?
    1. For example, many global-level cybersecurity policy regimes were created when most Internet users were based on North America and Europe; will the rise in Internet users in Asia, Africa, and Latin America require changes to these regimes?
    2. Additionally, for example, cybersecurity policies have been optimized for a desktop-centric world, where the computing machine, their operating systems, and often their users were fixed within a geography.  What changes are necessary to accommodate a more mobile-based world?

We look forward to hearing from future cybersecurity policy leaders on how they would tackle these challenges. For more information, including official rules of the contest, please visit:

To enter, send an email to with your essay in Microsoft Word format.  Entries must be received by 11:59pm PDT on June 14, 2013

Paul Nicholas
Senior Director, Global Security Strategy & Diplomacy
Microsoft Corporation