Headline
37 Major Companies and Organizations Pledge to Enhance Cyber Resiliency and Counter Evolving Global Threats
SAN FRANCISCO – Today, in partnership with the Coalition to Reduce Cyber Risk (CR2), 37 companies and organizations have pledged to enhance cyber resiliency and counter evolving cross-border cyber threats such as the growth of ransomware. Signers to this groundbreaking pledge from eight countries have promised to:
· encourage the development, evolution and implementation of risk-based approaches that rely on consensus-based standards and risk management best practices, such as ISO/IEC 27110 and 27103, or the NIST Cybersecurity Framework;
· support efforts of our vendors and supply chain contributors to adopt risk-based cybersecurity approaches in order to help small businesses flourish while improving the resiliency of the cyber ecosystem;
· incorporate ISO/IEC (or other widely accepted international) cybersecurity standards as a foundation of our cybersecurity policies and controls wherever applicable and feasible; and
· periodically reassess our cybersecurity policies and controls against revisions to ISO/IEC cybersecurity standards and actively participate in industry-driven initiatives to improve those standards.
“CR2 is committed to driving a globally-aligned approach for managing cyber risk. Thirty-Seven organizations from eight countries have signed the Cyber Risk Management Pledge, demonstrating the breadth of usage of international standards such as ISO/IEC 27110 and 27103, as well as the NIST Cybersecurity Framework and associated sector profiles.” said Benjamin Flatgard, President of CR2 and Executive Director of Technology and Cybersecurity Policy and Partnerships at J.P. Morgan Chase. He added
“Governments should embed widely used international standards at the core of their national cyber policies to facilitate a seamless approach to shared cyber risk.”
For more information on the CR2 and the pledge, or if your company or organization is interested in joining the pledge, please visit https://www.crx2.org/
Cyber Risk Management Pledge
The signatories to this pledge understand that in order to enhance cyber resiliency and counter evolving cross-border cyber threats such as the growth of ransomware, we must enable the seamless implementation of risk-based approaches to cybersecurity around the world.
Internationally recognized cybersecurity frameworks and standards that are based upon the principles of risk management and relevant across sectors support such implementation by strengthening consistency and continuity among interconnected sectors and throughout global supply chains.
Increased and ongoing adoption of these frameworks and international standards by companies and governments around the world will mitigate cyber risks and facilitate economic growth. To further advance adoption of international approaches to cybersecurity risk management, we commit to:
· Encourage the development, evolution and implementation of risk-based approaches based on consensus-based frameworks, standards and risk management best practices, such as ISO/IEC 27110 and 27103, or the NIST Cybersecurity Framework;
· Support efforts of our vendors and supply chain contributors to adopt risk-based cybersecurity approaches in order to help small businesses flourish while improving the resiliency of the cyber ecosystem;
· Incorporate ISO/IEC 27110 and 27103, the NIST Cybersecurity Framework, or other widely accepted international cybersecurity standards as a foundation of our cybersecurity policies and controls wherever applicable and feasible; and
· Periodically reassess our cybersecurity policies and controls against revisions to such cybersecurity standards and actively participate in industry-driven initiatives to improve those standards.
A commitment to internationally recognized cyber risk management approaches and frameworks that are relevant across sectors can bring widespread economic benefits, help governments achieve their policy goals, bolster collective security, and enhance cyber resiliency across the ecosystem.
AT&T
AWS
Cisco
Citrix
Cybastion Institute of Technology
Cybereason
Exiger
IBM
JP Morgan Chase
Lumen
Mastercard
Microsoft
NetScout
NTT
Palo Alto Networks
Rakuten Symphony
Redhat
Schneider Electric
Tenable
Trellix
Verizon
Asia Internet Coalition (AIC)
BSA | The Software Alliance
Coalition of Service Industries (CSI)
Coalition to Reduce Cyber Risk (CR2)
Cyber Risk Institute
CyberPeace Institute
Cybersecurity Coalition
The DCRO Institute
Health-ISAC
Information and Communications Technology Council (ICTC)
Information Technology Industry (ITI)
Telecommunications Industry Association (TIA)
U.S. Chamber of Commerce
United States Council for International Business (USCIB)
US-India Strategic Policy Forum (USISPF)