RSA Conference: H-ISAC, Microsoft, 30+ Others Sign Cyber Risk Management Pledge

At the RSA Conference, H-ISAC, Verizon, Microsoft, and more than 30 other organizations signed a cyber risk management pledge to combat ransomware and other cyber threats.

At the RSA Conference on Wednesday, cybersecurity experts announced that 37 companies and organizations from eight countries signed a cyber risk management pledge, promising to bolster cyber resiliency and tackle today’s most critical cyber threats.

In partnership with the Coalition to Reduce Cyber Risk (CR2), organizations including Health-ISAC, Microsoft, Verizon, AWS, AT&T, Cisco, Mastercard, the US Chamber of Commerce, JP Morgan Chase, and the CyberPeace Institute vowed to counter cyber threats and adopt internationally accepted cybersecurity frameworks.

“The signatories to this pledge understand that in order to enhance cyber resiliency and counter evolving cross-border cyber threats such as the growth of ransomware, we must enable the seamless implementation of risk-based approaches to cybersecurity around the world,” the pledge stated.

“Internationally recognized cybersecurity frameworks and standards that are based upon the principles of risk management and relevant across sectors support such implementation by strengthening consistency and continuity among interconnected sectors and throughout global supply chains.”

The pledge contained the following specific actions that the 37 organizations agreed upon:

  • Encourage the development, evolution and implementation of risk-based approaches based on consensus-based frameworks, standards and risk management best practices, such as ISO/IEC 27110 and 27103, or the NIST Cybersecurity Framework
  • Support efforts of our vendors and supply chain contributors to adopt risk-based cybersecurity approaches in order to help small businesses flourish while improving the resiliency of the cyber ecosystem
  • Incorporate ISO/IEC 27110 and 27103, the NIST Cybersecurity Framework, or other widely accepted international cybersecurity standards as a foundation of our cybersecurity policies and controls wherever applicable and feasible
  • Periodically reassess our cybersecurity policies and controls against revisions to such cybersecurity standards and actively participate in industry-driven initiatives to improve those standards.

“The health sector is highly interconnected and reliant on other critical infrastructures to deliver patient care,” Errol Weiss, CSO of Health-ISAC, told HealthITSecurity.

“Health-ISAC supports the CR2 initiatives as we see this as a means to raise awareness of cyber security and encouraging adoption of sound risk management principles to improve resilience of the entire healthcare sector.”

A pledge of this magnitude is uncommon and signifies an increased focus on cybersecurity across all sectors and countries around the world.

“A commitment to internationally recognized cyber risk management approaches and frameworks that are relevant across sectors can bring widespread economic benefits, help governments achieve their policy goals, bolster collective security, and enhance cyber resiliency across the ecosystem,” the pledge concluded.
