As cybersecurity policies and regulations evolve rapidly around the world, greater collaboration is necessary to ensure more robust and resilient frameworks to support shared learning and best practices, according to (ISC)².
The international cybersecurity non-profit has led new research in collaboration with the Royal United Services Institute (RUSI), a British think tank, examining cybersecurity legislation and regulation within the UK, the US, Canada, the EU, Japan and Singapore.
The report, titled Global Approaches to Cyber Policy, Legislation and Regulation, was published on April 27, 2023.
It is the result of “a first-of-its-kind comparative work, pushed by the proliferation of new cyber regulation – and the fact that more is on the way,” Clar Rosso, CEO of (ISC)2, said during a launching event that took place at the House of Commons, on April 26, 2023.
RUSI and (ISC)2 researchers identified various challenges shaping cyber policy across all six jurisdictions, including the need to tackle the shortage of skilled cybersecurity professionals and the growing importance of protecting the critical national infrastructure (CNI).
While these two priorities are shared by all six jurisdictions analyzed, the report provides valuable insights on the different approaches these countries take to solve them, Rosso said.
Read more: NCSC Warns of Destructive Russian Attacks on Critical Infrastructure
By bringing together insights from different jurisdictions and stakeholders, the report also shows the importance of cooperation between private and public stakeholders and that policymakers increasingly seek harmonization of cyber policy, Pia Hüsch, a research analyst at RUSI and the report’s principal author, argued in a public statement.
"The report therefore draws crucial attention to the need to better understand which policies are effective in increasing cyber resilience and how they impact businesses and the cyber workforce implementing them,” she added.
Additionally, ally countries should adopt “a proactive, rather than reactive, approach toward cybersecurity policy and collaborate across borders, industries and sectors to establish common standards, protocols and best practices,” Russo said.
The research was conducted from December 2022 to March 2023 and was primarily based on a review of existing literature about policies enacted or proposed within the six jurisdictions between 2019 and 2023.
The report’s launch comes a week after the CYBERUK 2023 conference, where (ISC)2 called for cross-industry support to launch 100,000 new cybersecurity careers in the UK.