Each year 74 percent of the world’s businesses expect to be hacked. The estimated economic loss of cybercrime is estimated to reach $3 trillion by 2020. Yet cyberattacks are not only about the loss of financial resources, but increasingly about the impact to people’s lives. When the WannaCry attack hit London in the summer of 2017, hospitals affected by the attack were forced to delay surgeries and re-direct ambulances. The Sony attack in 2014 involved retaliation for the content of a movie, attempting to suppress free speech. We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks. Microsoft, like other technology companies, is aggressively taking new steps to protect customers, including from offensive attacks by governments. This includes new security features at every level of the technology stack. But technology companies, governments, and civil society must come together to do more. The time has come to adopt new and binding rules that protect people in a principles way. We are advocating for a new Digital Geneva Convention and other ideas to help keep people secure.