Newly published research examines global approaches to cyber legislation and regulation across six jurisdictions, shedding light on the challenges created by rapidly evolving policy landscapes.
(ISC)², the world’s largest nonprofit association of certified cybersecurity professionals, and the Royal United Services Institute (RUSI), the world’s oldest independent think tank on international defence and security, today released a new research report titled “Global Approaches to Cyber Policy, Legislation and Regulation.” Findings from the report reveal that, as cybersecurity policies and regulations evolve rapidly around the world, greater standardization and collaboration are necessary to ensure stronger and more resilient frameworks that support shared learning and best practices.
Challenges of cyber legislation and regulation
The report reviews cybersecurity legislation and regulation within Canada, the European Union, Japan, Singapore, the United Kingdom and the United States, identifying various challenges shaping cyber policy. These issues include the shortage of skilled cybersecurity professionals, the complexities of critical national infrastructure (CNI) and international cooperation on norm development for cyberspace. By bringing together insights from different jurisdictions and stakeholders, the report shows the importance of cooperation between private and public stakeholders, and shows that policymakers increasingly seek harmonization of cyber policy.
Taking a closer look at APAC, Japan and Singapore have been recognized for having sustainable and advanced cybersecurity regulations and policies, yet both have witnessed a growth in cyber-attacks in recent years. In response, both countries have shifted to a more proactive approach to pre-empt cyber-attacks and enhance cyber resilience, which includes bilateral agreements and initiatives with more coordination with other states and the private sector. This is particularly instructive for Hong Kong, where cybersecurity incidents have also been on the rise. According to the Hong Kong Computer Emergency Response Team, cybersecurity scams increased in 2022 for the first time in four years, at 9%.
Research identifies trends
“While the report identifies a number of trends in the cyber policy landscape, the increasing reliance on binding cybersecurity obligations for the critical national infrastructure sectors and beyond stands out, but the obligations different jurisdictions impose to increase cyber resilience vary,” said Pia Hüsch, Research Analyst for Cyber, Technology and National Security at RUSI. “The report, therefore, draws crucial attention to the need to better understand which policies are effective in increasing cyber resilience and how they impact businesses and the cyber workforce implementing them.”
“Policymakers must take a proactive, rather than reactive, approach toward cybersecurity policy and collaborate across borders, industries and sectors to establish common standards, protocols and best practices,” said Clar Rosso, CEO of (ISC)². “Findings from this report provide valuable insight into top legislative and regulatory priorities, which emphasizes the need for greater harmonization between policymakers, cybersecurity professionals and other stakeholders to improve cyber resilience and address pressing cybersecurity challenges in 2023 and beyond. To protect our national security, economies, critical infrastructure, and the data and privacy of our citizens, we need consistent, strong, forward-looking and joined-up policies that enable cybersecurity professionals around the world to stay laser-focused on the most critical aspects of their jobs.”
Other key headlines
The report delves into several other key headlines, including:
- More regulations are coming; organizations must prepare now – not later.
- No country or government is immune to the cybersecurity skills and workforce gap.
- Global standardization is critical, and full international cooperation is needed to protect and uphold ethical principles and standards.
- Fortifying critical infrastructure is a top priority for all jurisdictions — especially with more interconnectedness and “state lines” blurring.
- Collective defence is needed between the public and private sectors and across jurisdictions to support norm development.