The Cyber Policy Awards organizing committee is pleased to announce award categories and criteria for the upcoming third annual event, to be held on the evening of Thursday, February 5, 2026 in Washington, DC. During the gala event, members of the cyber policy community will present The Atlas awards to deserving recipients who have driven meaningful progress over the last year, and present a special award for lifetime achievement.
Unless otherwise specified, individuals, small groups (five or fewer named individuals), or an organization may be nominated. Award categories and special criteria are as follows:
U.S. Domestic Policy Impact. This award recognizes those whose efforts have had significant impact on the U.S. domestic policy landscape, such as by materially influencing the community’s thinking and trajectory, overcoming a longstanding and intractable obstacle, or galvanizing broad stakeholder support to take some action.
International Policy Impact. This award recognizes those whose efforts have had significant impact on the international policy landscape, such as a shift in international narratives, viewpoints, or prioritization; the emergence of international consensus or an agreement; or collective action when previously unlikely.
International Partnership. This award recognizes those who have demonstrated a unique level of commitment to, or teamwork with, a foreign entity regarding a cyber-related foreign policy issue or a significant cybersecurity challenge.
Ecosystem Champion. This award recognizes those whose tenacious efforts have led to broad structural and long-lasting positive impact on the cyber ecosystem through policy changes or by putting policy into action at scale; or those who enable the ecosystem-impacting work of academic institutions, think tanks, or other civil society organizations through significant financial or in-kind support.
Research Impact. This award recognizes those whose novel scholarly research has led to a conclusion, discovery, concept, tool, approach, or proposal that can be shown to have advanced or made a substantial contribution to domestic or international cyber policy. Special criteria are as follows:
- Nominations must identify a specific paper, report, or research publication as the primary basis, but may be supplemented with context on how it fits within a larger body of work.
- Research must have been published in a peer-reviewed journal, conference proceedings, or otherwise subjected to a credible organizational-level pre-publication review process, and not individually self-published.
- Research should test a hypothesis or present findings that have policy implications. This category excludes research on specific malicious actor activities, vulnerabilities, or adversary techniques. Research on macro trends in aggregate adversary behaviors, vulnerability exploitation, or effectiveness of adversary techniques is acceptable.
Excellence in Journalism. This award recognizes journalists who positively contributed to their readership’s understanding of complex cyber policy issues by correctly detailing technical aspects, drawing complex connections with other relevant events and proceedings, fairly representing tradeoffs and divergent viewpoints, and accurately reflecting policy substance. Special criteria are as follows:
- Only individual or small group nominees (no organizations).
Lifetime Achievement. This award recognizes those who had a sustained and significant impact on domestic or international cyber policy over the course of their career. Such impact might be evidenced by contributions on numerous issues, a long-term sustained effort on a single issue that eventually culminated in a watershed development, or a combination thereof. Recipients of this award will be listed as members of the Cyber Policy Awards’ Hall of Fame. Special criteria are as follows:
- This is an individual award.
- Nominees’ duration of impactful service must equal or exceed 25 years.
- An articulated nexus to the current award cycle’s performance period is not required.
Except as otherwise set forth in the special criteria of a particular award category, nominations must have an articulated nexus to the performance period in question. For the third annual event to be held in February 2026, the performance period is November 1, 2024 through December 31, 2025. This two-month overlap with the previous award cycle’s performance period ensures that late-year achievements have an opportunity for recognition; however, work from November–December 2024 that was previously nominated is not eligible for re-nomination.
Any member of the cyber policy community—or beyond—may submit a nomination. The only restriction is that self-nomination is not permitted. Neither the Institute for Security and Technology nor members of the organizing committee select the award finalists and recipients; this duty is fulfilled by an independent panel of distinguished judges.
Announcements naming the panel of judges and opening of nominations are forthcoming.
