As emerging technologies continue to reshape the online threat landscape and create new avenues for misinformation, exploitation, and harm, it’s clear the overlap between online safety and cybersecurity is more important than ever before. Both communities are united in the mission to create safer and more trustworthy spaces online – but there are five lessons from the cyber security industry that online safety practitioners can apply to build a safer internet.
With cybersecurity having roots dating back to the 1960s, it does have a 30-year head start on online safety. Our industry is making incredible progress, but we can go faster if we consider adopting a few lessons from our counterparts. In this article we look at key strengths of the cybersecurity response, how to replicate them in online safety, and the practical way we are trying to implement them at the Online Safety Exchange (OSX).
Lesson one: A diverse ecosystem of equals
One of the most valuable lessons from the cybersecurity field is the importance of ecosystems of diverse but equal participants. This enables collaboration across governments, industries, and individual experts, and recognises the unique strengths each brings to the table. One example is the Forum of Incident Response and Security Teams (FIRST) which was founded in 1990 and has grown to over 680 members. FIRST illustrates how respect for the different but complementary expertise of its members creates a powerful platform for collaboration, regardless of geographic location or organisational affiliation.
The Online Safety Exchange Network (OSXN) is built on this principle. It is a collaborative, peer-driven space where practitioners, regulators, and industry leaders can engage as equals. Our aim is to foster organic interactions and empower members to actively contribute, share insights, improve practices, and shape discussions to positively advance outcomes for internet users globally, all while respecting the diverse expertise that each individual brings.
Lesson two: International standards and best practices
The foundations of those ecosystems are standards that provided consistent guidelines across organisations and borders. For example, the ISO/IEC 27001 standard (first published in 2005) has become a globally recognised benchmark for information security management systems. The NIST Cybersecurity Framework (2014) was developed in, and for, the USA but was quickly adopted into cybersecurity practices globally.
The online safety community has yet to develop such unifying international standards – or to agree on which existing frameworks could be elevated to that level. A number of guidelines have been developed specifically for child protection online including efforts by the OECD in 2012, UNICEF/ITU in 2016, and the WePROTECT Global Alliance in 2019. None have evolved into global standards (yet). Many areas of online safety do not even have developed guidelines.
No single agency or country can impose standards universally. But we can create a platform for experts from around the globe to analyse and adopt existing standards, or collaboratively develop new ones as a way to build consistency.
Lesson 3: Globally recognised qualifications
Cybersecurity has also successfully developed globally recognised qualifications that help standardise the expertise within the field. Certifications such as CISSP (Certified Information Systems Security Professional), introduced in 1994, have become international standards for assessing cybersecurity professionals’ knowledge and skills. These certifications are recognised around the world, ensuring a consistent level of competency among cybersecurity practitioners.
In contrast, the online safety field lacks comparable globally recognised qualifications. Although some organisations offer training programs, these are often localised and lack the international recognition that cybersecurity certifications have achieved. By establishing a standardised, globally recognised qualification built upon agreed standards it would help create and reflect a more unified industry.
Lesson four: Generalists, specialists and teams
In the early stages of cybersecurity, professionals were often generalists, tasked with managing a wide range of responsibilities from network security to incident response. As the field matured in the 1990s, specialised roles emerged—such as ethical hackers, forensic analysts, and security architects—each focused on specific aspects of cybersecurity. These specialists, when effectively coordinated into teams, were able to address increasingly complex challenges with greater precision and effectiveness.
The online safety community mirrors this evolution, with both generalists and specialists playing vital roles. Generalists bring a broad understanding of online safety, capable of addressing a wide spectrum of issues. However, as the complexity of online threats grows, the need for specialists—experts in areas like misinformation mitigation, child protection, or digital wellbeing—becomes more pronounced.
At the Online Safety Exchange, we recognise the importance of both roles and the power of collaboration between them. The OSXN provides a platform for project teams to draw on the expertise of both generalists and specialists, combining their skills to tackle many of the multifaceted online safety challenges.
Lesson five: Leveraging our ecosystem
The lessons of cybersecurity can help us build a more resilient, professional, and collaborative approach to addressing the unique challenges our industry faces. The Online Safety Exchange is committed to the development of best practice online safety operations and operators which is why we are fostering an ecosystem of equals, where professionals from diverse backgrounds can unite to share expertise, develop standards, and tackle complex challenges.
We want you
If you’re passionate about building a safer online world and want to collaborate with like-minded professionals, there’s a place for you at the OSX Network. Whether you’re a generalist looking to broaden your impact or a specialist ready to contribute your expertise, our member-only community is growing.
Roblox is the first tech platform to officially join the OSX Network and their Trust and Civility Team will be sharing useful links and updates. Some of our other partners including Contrails.AI and ThatsMyFace are offering OSXN members the opportunity to beta-test their products. The OSXN is in its early stages, and we invite you to sign-up and help shape a community you want to be a part of.
It’s free to join the OSX Network and anybody working/studying in the wider online safety and trust and safety space can be a part of it – just apply here!
