Whether we know it or not, we are sharing more personal information than ever before.

The core business models of the Internet depend on knowing as much as possible about everyone, and analyzing, repackaging and selling that information. These data troves enable many new services, including machine learning and voice recognition. But the data collection is also accompanied by a constant risk of our social, financial, romantic or political information being leaked in ways that expose us to harm.

In 2017, the disclosures of breach after breach – Equifax, Yahoo, Uber, the list goes on – show that many of the companies we trust with our data are not doing enough. The prying eyes of governments are watching, too.

Security is only becoming harder to deliver at scale. Every technology, be it software or hardware, presents new risks. In 2017, WannaCry ransomware crippled high-profile targets, including Britain’s National Health Service. A flaw in Intel chips put millions of devices at risk. Electrical grids in the Ukraine and the United States were hacked.

But people are not passively accepting these risks. They’re creating technology to protect key infrastructure from attacks. Volunteer cybersecurity teams respond to emergencies. Cyberpeace efforts continue, in the face of worldwide information warfare.

As the Internet expands with more connected devices, the challenges will only grow. We have reached a point where you can’t opt out. When homes have listening machines, shopping centers have facial recognition cameras and satellite images can identify our cars, can we really control our digital footprints?

Despite these huge challenges, there have been steps forward.

In Europe this year, a new General Data Protection Regulation (GDPR) will require companies to adhere to stringent terms of privacy and consent, raising the bar for what we demand of data holders worldwide. More people are using security techniques like two-factor authentication, though they’re still the minority. And we’ve seen an uptake in encryption for messaging and Web traffic.

In the coming years, we will explore opportunities to expand privacy and data protection frameworks worldwide — and push companies to take security seriously.

And yes, we should pick better passwords too.