Major Organizations Pledge to Enhance Cyber Resiliency
June 15, 2022
In partnership with the Coalition to Reduce Cyber Risk (CR2), 37
companies and organizations have pledged to enhance cyber
resiliency and counter evolving cross-border cyber threats such
as the growth of ransomware.
Signers to this groundbreaking pledge from eight countries
have promised to:
encourage the development, evolution and implementation of risk-based approaches that rely on consensus-based standards and risk management best practices, such as ISO/IEC 27110 and 27103, or the NIST Cybersecurity Framework;
support efforts of our vendors and supply chain contributors to adopt risk-based cybersecurity approaches in order to help small businesses flourish while improving the resiliency of the cyber ecosystem;
incorporate ISO/IEC (or other widely accepted international) cybersecurity standards as a foundation of our cybersecurity policies and controls wherever applicable and feasible; and
periodically reassess our cybersecurity policies and controls against revisions to ISO/IEC cybersecurity standards and actively participate in industry-driven initiatives to improve those standards.
“CR2 is committed to driving a globally-aligned approach for
managing cyber risk. Thirty-seven organizations from eight
countries have signed the Cyber Risk Management Pledge,
demonstrating the breadth of usage of international standards
such as ISO/IEC 27110 and 27103, as well as the NIST
Cybersecurity Framework and associated sector profiles,” said
Benjamin Flatgard, President of CR2 and Executive Director of
Technology and Cybersecurity Policy and Partnerships at J.P.
Morgan Chase. He added,
“Governments should embed widely used international standards at
the core of their national cyber policies to facilitate a
seamless approach to shared cyber risk.”
The CR2 Pledge
The signatories to this pledge understand that in order to enhance
cyber resiliency and counter evolving cross-border cyber threats
such as the growth of ransomware, we must enable the seamless
implementation of risk-based approaches to cybersecurity around
the world.
Internationally recognized cybersecurity frameworks and
standards that are based upon the principles of risk management
and relevant across sectors support such implementation by
strengthening consistency and continuity among interconnected
sectors and throughout global supply chains.
Increased and ongoing adoption of these frameworks and
international standards by companies and governments around the
world will mitigate cyber risks and facilitate economic growth.
To further advance adoption of
international approaches to cybersecurity risk management, we
commit to:
Encourage the development, evolution and implementation of risk-based approaches based on consensus-based frameworks, standards and risk management best practices, such as ISO/IEC 27110 and 27103, or the NIST Cybersecurity Framework;
Support efforts of our vendors and supply chain contributors to adopt risk-based cybersecurity approaches in order to help small businesses flourish while improving the resiliency of the cyber ecosystem;
Incorporate ISO/IEC 27110 and 27103, the NIST Cybersecurity Framework, or other widely accepted international cybersecurity standards as a foundation of our cybersecurity policies and controls wherever applicable and feasible; and
Periodically reassess our cybersecurity policies and controls against revisions to such cybersecurity standards and actively participate in industry-driven initiatives to improve those standards.
A commitment to internationally recognized cyber risk management
approaches and frameworks that are relevant across sectors can
bring widespread economic benefits, help governments achieve
their policy goals, bolster collective security, and enhance
cyber resiliency across the ecosystem.
SIGNATORY COMPANIES
AT&T
Amazon Web Services (AWS)
Cisco
Citrix
Cybastion Institute of Technology
Cybereason
Exiger
IBM
JP Morgan Chase
Lumen
Mastercard
Microsoft
NetScout
NTT
Palo Alto Networks
Rakuten
Symphony
Red Hat
SAP
Schneider Electric
Tenable
Trellix
Verizon
SIGNATORY ASSOCIATIONS
Asia Internet Coalition (AIC)
BSA | The Software Alliance
Coalition of Service Industries (CSI)
Coalition to Reduce Cyber Risk (CR2)
Cyber Risk Institute
CyberPeace Institute
Cybersecurity Coalition
The DCRO Institute
Health-ISAC
Information and Communications Technology Council (ICTC)
Information Technology Industry (ITI)
Telecommunications Industry Association (TIA)
U.S. Chamber of Commerce
United States Council for International Business (USCIB)
US-India Strategic Policy Forum (USISPF)