{"id":2909,"date":"2025-04-24T03:00:05","date_gmt":"2025-04-24T03:00:05","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2909"},"modified":"2025-04-24T03:00:05","modified_gmt":"2025-04-24T03:00:05","slug":"group-of-cisos-calls-on-oecd-g7-for-stronger-alignment-of-security-regs","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2909","title":{"rendered":"Group of CISOs calls on OECD, G7 for stronger alignment of security regs"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Unless countries align their cybersecurity strategies, fragmentation will compromise cyber defenses and response, a group of more than 40 chief information security officers (CISOs) from global enterprises warned world leaders in an open letter Wednesday.<\/p>\n<p>The coalition <a href=\"https:\/\/msblogs.thesourcemediaassets.com\/sites\/5\/2025\/04\/CISO-letter_International-cybersecurity-regulatory-alignment_4.21.25.pdf\" target=\"_blank\" rel=\"noopener\">called for action<\/a> from the G7 and the Organization for Economic Co-operation and Development (OECD), urging them to prioritize greater alignment of regulations to, it said, \u201cmaximize the effective use of limited resources.\u201d<\/p>\n<p>The group, which includes executives from big name enterprises and organizations such as Salesforce, Microsoft, AWS, Mastercard, SAP, and Siemens, is asking the OECD and G7 to adopt international standards, ink reciprocity agreements, share threat intelligence, and collaborate with the private sector.<\/p>\n<p>\u201cMalicious cyber threat actors continue to target our companies, governments, and societies, often with impunity,\u201d the letter stated. 
\u201cThe interconnected nature of the cyber landscape necessitates collaboration across borders.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Make a \u2018political commitment\u2019 to cybersecurity<\/h2>\n<p>The CISOs noted that there has been a recent proliferation of <a href=\"https:\/\/www.csoonline.com\/article\/570281\/csos-ultimate-guide-to-security-and-privacy-laws-regulations-and-compliance.html\">cybersecurity laws and regulations<\/a> around the globe, but international cooperation and coordination on cybersecurity is \u201cnascent.\u201d<\/p>\n<p>Growing divergence and fragmentation in global regulations is making cyber defense more difficult, they said, and inconsistent or conflicting regulations increase the complexity of time-sensitive incident response and reporting.<\/p>\n<p>The coalition is calling on the G7 and OECD to:<\/p>\n<p>Make a commitment to better align cybersecurity regulations in relevant forums, namely the upcoming G7 and OECD meetings. International leaders should focus on consistently aligning existing regulations; commit to collaborating on future regulations; balance the timing for implementation versus new regulation; enable quicker exchange of threat intelligence; and agree to consult with the private sector.<\/p>\n<p>Agree to use the OECD\u2019s expertise and forum \u201cto implement this political commitment\u201d and to convene regulators across countries and sectors on a regular basis, ideally once or twice a year in a multi-stakeholder gathering, with private sector participation as well as industry and other non-governmental representatives. 
The group should develop an action plan and provide regular progress updates to decision-makers and authorities.<\/p>\n<p>Further, the coalition urged international leaders to form reciprocity agreements, adopt international standards, and make third-party assessments and audits applicable across borders.<\/p>\n<p>\u201cThis approach would result in a cohesive and harmonized regulatory environment that would facilitate better cooperation and information sharing among nations and enhance our collective defense against cyber threats,\u201d the coalition wrote.<\/p>\n<h2 class=\"wp-block-heading\">Current situation \u2018untenable\u2019<\/h2>\n<p>The letter is well-timed to be considered at the 2025 G7 summit being held in Alberta, Canada, in June, and experts point out that the presence of the G7 and OECD member states provides a unique opportunity for CISOs to address a centralized body with the political means and might to influence regulators and achieve global cybersecurity consistency.<\/p>\n<p>\u201cThere is a need for some level of cybersecurity regulation harmonization, especially for the benefit of organizations that operate on a multi-national basis,\u201d said <a href=\"https:\/\/moorinsightsstrategy.com\/team\/will-townsend\/\" target=\"_blank\" rel=\"noopener\">Will Townsend<\/a>, VP and principal analyst at Moor Insights &amp; Strategy.<\/p>\n<p>Indeed, countries all over the map are \u2026 all over the map. Canada, for one, is \u201cwoefully, massively, behind the United States,\u201d said David Shipley of Beauceron Security.<\/p>\n<p>That\u2019s not for lack of trying. Shipley serves as co-chair for the Canadian Chamber of Commerce\u2019s cyber council, which has been pushing for nationwide cybersecurity regulations. 
While legislation has failed to pass so far, the goal is to become \u201cclosely harmonized\u201d with the US\u2019s existing regulations, notably because critical infrastructure crosses the countries\u2019 borders.<\/p>\n<p>Different definitions and reporting timeframes \u201cjust add layers of confusion and complexity to the incident response process,\u201d said Shipley.<\/p>\n<p>And that\u2019s just between two countries; things get exponentially more complex and confusing as more jurisdictions become involved, he noted.<\/p>\n<p>\u201cEach country running in their own direction, doing their own thing without alignment, is untenable,\u201d said Shipley. \u201cThe reality is that criminal groups cooperate far better than the good guys, certainly better than the good guys in government. We\u2019ve got to get better at this.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Diverse privacy regs add complexity<\/h2>\n<p>International collaboration among governments, regulatory bodies, and the private sector is essential to combat cyber threats effectively, noted <a href=\"https:\/\/www.infotech.com\/profiles\/fritz-jean-louis\">Fritz Jean-Louis<\/a>, principal cybersecurity advisor at Info-Tech Research Group.<\/p>\n<p>\u201cCISOs of global organizations operating in multiple jurisdictions must pay attention to the potential implications for enterprises due to the ever-increasing complexity of regulatory requirements related to security,\u201d he said.<\/p>\n<p>This is particularly critical in the area of privacy, where \u201ccomplex and at times divergent\u201d regulations create an environment that is complex to manage, difficult to achieve compliance in, and expensive to implement and maintain, said Jean-Louis, \u201cwhile not necessarily improving security capabilities to effectively address threat actors.\u201d<\/p>\n<p>\u201cCybersecurity regulations are not always the best way to engage and mitigate this risk,\u201d he added, pointing out that there are \u201cfew 
direct correlations\u201d between regulatory pressure and the effectiveness of cybersecurity controls. Instead, CISOs sometimes have to divert important assets and resources to address compliance requirements that are not necessarily improving security posture.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Unless countries align their cybersecurity strategies, fragmentation will compromise cyber defenses and response, a group of more than 40 chief information security officers (CISOs) from global enterprises warned world leaders in an open letter Wednesday. The coalition called for action from the G7 and the Organization for Economic Co-operation and Development (OECD), urging them to [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2888,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2909","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2909"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2909"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2909\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2888"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2909"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.
php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2909"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}