The tech industry has the power to protect the world from nation-state threat attacks, cyber crime and those wanting to compromise data and manipulate critical infrastructure. But with this power comes great responsibility, which, to be honest, the tech industry has not been that interested in holding.

But at the RSA Conference (RSAC) in San Francisco, the cybersecurity and tech communities took steps to exert some power and take responsibility. They took the Secure by Design pledge, a promise to make a good-faith effort to ensure security measures are built into software and to work toward meeting seven security goals over the coming year.

“With the widespread public use of increasingly connected devices, there is a real urgency that everybody feels and is highly aware of. It is all about developing new and retrofitting old technologies and software with security as a core consideration,” Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), told a full room of representatives from a wide range of tech and cybersecurity companies, both large and small.

However, Easterly added, given the ever-changing and unprecedented level of cyber threats, especially those targeting the government and critical infrastructure, time has taken on a more important role. We can’t wait around for innovations to happen or to develop responses to new attacks.

“We have to make security a priority right now,” Easterly said. That’s the impetus of the Secure by Design movement. “The federal government can’t do this alone.” Private industry — the companies in the best position to address cybersecurity threats — is also best suited to take on the burden of managing security risks from the beginning of the development process.