Cisco, Microsoft urge governments to follow best practices for cyber risk regulations

Cisco Systems, Microsoft and four other global organizations today announced the creation of the Coalition to Reduce Cyber Risk (CR2), aimed at encouraging governments to be more open when creating cyber risk management standards, guidelines and regulations covering the private sector.

Other members are Mastercard, AT&T, American bank JP Morgan Chase and British bank HSBC.

One of its first acts is to release a white paper called “Cybersecurity Policy for Resilient Economies: A Global, Cross-Sector Approach,” which urges governments to keep an eye open to best practices in the security industry from around the world as well as what other countries are doing.

“Governments can leverage, learn from and improve existing best practices and standards with demonstrated positive impacts rather than developing one-off and potentially fragmented untested and burdensome requirements. Moreover, public-private co-operation is critical to promoting alignment across government approaches to cyber security risk management to the greatest extent possible, recognizing that different cultural norms or government priorities will make absolute harmonization unlikely. However, aligning the approach and substance of cyber security risk management policies and ensuring compatibility provides tremendous value to all stakeholders.”

As organizations publicly report more cyber breaches, regulators are toughening their security requirements of companies they oversee. For example, in February the U.S. Securities and Exchange Commission (SEC) set new standards for cyber security disclosure of publicly-traded companies listed on American exchanges.

On its web page the CR2 notes that around the world governments are creating initiatives and strengthening requirements over the private sector to increase cybersecurity. “Despite often useful objectives, the number of and lack of cohesion across these efforts is generating a significant risk of conflicting or competing security requirements. Conflicting and competing requirements not only increase costs for companies, diverting security resources toward compliance, but also, and more importantly, could hinder the economic growth enabled by open markets and the security of essential cyber capabilities.”

If global regulations, including those related to cybersecurity risk management, fragment or conflict, “cross-border flows of resources will be disrupted, negatively impacting economic growth and potentially curtailing the progress that has been made.”

On the other hand, the site says, “some alignment of the foundational approaches to risk management” would help to advance security without creating undue compliance costs, and create continuity and predictability for global as well as local enterprises. In addition, it says, shared learning and exchange across governments and enterprises would reap a lot of security benefits.

“In today’s global, interdependent economy, improving cybersecurity requires organizations to work not only within their enterprise but also with partners, customers, and governments,” Tom Burt, Microsoft’s corporate vice president for customer security and trust, said in a statement.  “CR2 will bring these stakeholders together to advance security while also enabling the tremendous economic and societal benefits of digital transformation.”

Eric Wenger, Cisco’s director of cyber security and privacy policy, said the company looks forward to working with governments to advance standards-based, compatible frameworks for more effective cyber risk management.


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now