The Challenge ⟶

Growing cyber threats and media coverage of increasing events in cyberspace are causing everyone to focus more attention on cybersecurity – consumers, enterprises, and governments included.

Consequently, governments have sought to secure essential cyber capabilities through regulations and requirements, which are not problematic themselves. However, fragmentation of global cybersecurity requirements in addition to the large volume of nation-specific cyber requirements can be highly problematic for both nations and enterprises. CR2 hopes to address this issue by advancing a risk-based approach that goes beyond compliance and reflects a holistic tactic to cybersecurity. 

Increased cybersecurity requirements are not necessarily problematic. Fragmentation of cybersecurity requirements or large volume of nation-specific requirements, however, can be highly problematic, both for nations and the enterprises.

  • If global regulations, including those related to cybersecurity risk management, fragment or conflict, cross-border flows of resources will be disrupted, negatively impacting economic growth and potentially curtailing the progress that has been made.

    Around the world, numerous governments are creating initiatives and strengthening requirements to increase cybersecurity. Further, within governments, different stakeholders, including traditional industry regulators and other parts of governments focused on security, are creating initiatives and strengthening requirements to increase cybersecurity. Despite often useful objectives, the number of and lack of cohesion across these efforts is generating a significant risk of conflicting or competing security requirements. Conflicting and competing requirements not only increase costs for companies, diverting security resources toward compliance, but also, and more importantly, could hinder the economic growth enabled by open markets and the security of essential cyber capabilities.

    Alternatively, some alignment of the foundational approaches to risk management would help to advance security without creating undue compliance costs, and create continuity and predictability for global as well as local enterprises. Furthermore, there would be more opportunities for shared learning and exchange across governments and enterprises, and the ecosystem as a whole would reap security benefits from being able to rely on a culture of effective cross-border cooperation among government authorities and industry stakeholders.