Increasing cyber threats and media coverage of various events in cyberspace are causing everyone – consumers, enterprises, and governments – to focus greater attention on cybersecurity. As a result, governments are appropriately seeking to secure the essential cyber capabilities that underpin national security, economic security, and public safety. However, many of these efforts, if not to some degree synergized, risk undermining security, resulting in the opposite of the desired effect.
More specifically, around the world, numerous governments are creating initiatives and strengthening requirements to increase cybersecurity. Further, within governments, different stakeholders, including traditional industry regulators and other parts of governments focused on security, are creating initiatives and strengthening requirements to increase cybersecurity. Despite often useful objectives, the number of and lack of cohesion across these efforts is generating a significant risk of conflicting or competing security requirements. Conflicting and competing requirements not only increase costs for companies, diverting security resources toward compliance, but also, and more importantly, could hinder the economic growth enabled by open markets and the security of essential cyber capabilities.
Increased cybersecurity requirements are not necessarily problematic. Fragmentation of cybersecurity requirements or large volume of nation-specific requirements, however, can be highly problematic, both for nations and the enterprises. More specifically, if global regulations, including those related to cybersecurity risk management, fragment or conflict, cross-border flows of resources will be disrupted, negatively impacting economic growth and potentially curtailing the progress that has been made.
Alternatively, some alignment of the foundational approaches to risk management would help to advance security without creating undue compliance costs, and create continuity and predictability for global as well as local enterprises. Furthermore, there would be more opportunities for shared learning and exchange across governments and enterprises, and the ecosystem as a whole would reap security benefits from being able to rely on a culture of effective cross-border cooperation among government authorities and industry stakeholders.