Brian Cute and Anthea Mulakala (*)
The pace of cybercrime is accelerating, outpacing efforts to build strong digital defenses. Cybercriminals are leveraging AI to launch sophisticated attacks at lower costs, putting businesses, governments, and communities at risk. Yet, there is hope—institutions cybersecurity clinics are emerging as a powerful model to bridge the gap between cybersecurity needs and talent development.
Modelled after legal and medical school clinics, cybersecurity clinics provide students with real-world experience while delivering free cybersecurity support to small businesses, nonprofits, and municipalities. These clinics welcome students from diverse disciplines—technical and non-technical—because tackling cyber threats requires a collaborative, multidisciplinary approach.
Established in 2021, the Consortium of Cybersecurity Clinics connects institutions, students, and industry partners to expand access to cybersecurity education and services. These clinics play a critical role in training students to conduct cyber risk assessments, implement cybersecurity best practices, and engage with local organizations—all skills they will take into the workforce upon graduation.
Cybersecurity clinics not only offer valuable support to organizations with limited resources but also promote collaboration and knowledge exchange. The ability to exchange best practices, case studies, and methodologies strengthens cybersecurity resilience across sectors and geographies.
Through a partnership between The Asia Foundation (TAF) and the Global Cyber Alliance (GCA), and with the support of the Consortium of Cybersecurity Clinics, cybersecurity clinics are now expanding into more countries in Asia. With support from Google.org, the APAC Cybersecurity Fund is piloting cybersecurity clinics in three countries—Pakistan, Sri Lanka, and Singapore—integrating these institutions into a global network.
Each country’s clinic has a distinct focus tailored to its cybersecurity landscape:
These clinics will play a key role in strengthening cybersecurity resilience in the region by providing practical experience for students and much-needed cybersecurity support for organizations.
For over a year, Taiwan has been working with the Consortium of Cybersecurity Clinics to bring clinics to Asia and launched three operational clinics last fall. BINUS in Indonesia has also been engaged with the Consortium for multiple years while developing their program.
Cybersecurity clinics demonstrate the power of collaboration across sectors. Institutions provide the academic foundation and infrastructure, students bring energy and skills, and nonprofits like GCA and TAF support the development and expansion of these clinics. Meanwhile, Google.org’s investment has catalyzed the growth of these programs, ensuring cybersecurity education is both accessible and impactful.
The success of this approach is evident. In 2024 alone, Google.org supported the launch of 15 new cybersecurity clinics in the United States, with over 20 additional clinics announced across Europe, Africa, and the Middle East. The expansion into Asia builds on this momentum, strengthening cybersecurity ecosystems worldwide.
Cybersecurity clinics address two critical challenges: the increasing cyber threat landscape and the shortage of skilled cybersecurity professionals. According to the World Economic Forum’s 2024 Global Risks Report, cyber insecurity remains one of the top 10 global threats over the next decade. At the same time, the cybersecurity workforce gap continues to widen—CyberSeek reports nearly 450,000 unfilled cybersecurity jobs in the U.S., and Europe faces a shortage of 883,000 professionals. In Asia, the demand for skilled cybersecurity talent is rising rapidly, particularly in industries such as finance, healthcare, and critical infrastructure. Governments and institutions are prioritizing efforts to build local expertise, yet gaps remain in workforce readiness and access to training.
By piloting cybersecurity clinics in Asia and integrating them into the global network, we are not only addressing immediate security challenges but also fostering a model for long-term regional leadership in cybersecurity education and practice. The goal is to train students, protect vulnerable organizations, and establish a framework that can scale across the region in the years to come.
We recognize the vital role cybersecurity clinics play in strengthening digital security. Sustained investment—particularly from industry leaders like Google.org—will allow more students to gain hands-on cybersecurity experience while equipping relevant organizations with the tools to defend against evolving threats.
The expansion of cybersecurity clinics to Asia is a key step toward advancing digital security and improving readiness for evolving cyber challenges.
With the right partnerships and continued investment, these clinics can serve as a cornerstone for cybersecurity capacity-building in Asia, ensuring that the region plays an active role in shaping global cybersecurity standards.
(*) Brian Cute is GCA’s Chief Operating Officer and Director, Capacity & Resilience Program, and Anthea Mulakala is the Senior Director for International Development Cooperation at The Asia Foundation, Regional Director and Lead of APAC Cybersecurity Fund and Future Skills Alliance.Brian Cute and Anthea Mulakala (*)
