This week, the President of France issued the Paris Call for Trust and Security in Cyberspace. The document is a cybersecurity pact seeking consortium of technology companies, governments and NGOs to improve the stability and safety of the internet. With its unveiling, the declaration touted support from some of the tech industry’s largest players and a handful of countries in Europe.
Leaders in corporate and government spheres around the world have significantly increased their focus on cybersecurity in recent years. The most immediate consequences of cyber attacks and breaches are felt by businesses, whose brand reputations and budgets can be significantly impacted. Beyond the corporate landscape, infrastructure and democracy are also common targets of nefarious activity, which is why cybersecurity has become one of the most critical issues in global society today.
A healthier cyber world stands to benefit everyone. To this end, many organizations are working independently and collaboratively to gain deeper knowledge about the cybersecurity landscape, increase intelligence sharing across industries and authorities and establish stronger defenses against increasingly aggressive malicious actors. Broad adoption of policies and standards like the Paris Call can improve transparency and help guide cybersecurity initiatives.
For organizations looking to either sign onto the Paris Call, or better understand the impact it will have as it gains adoption, there are a few key things to know:
- The Paris Call is not a regulation. Unlike laws that address cybersecurity and data privacy (GDPR, China Cybersecurity Law, California Consumer Privacy Act, etc.), the Paris Call is a non-binding agreement of the "responsibilities of key private sector actors in improving trust, security and stability in cyberspace and encourage initiatives aimed at strengthening the security of digital processes, products and services." It asserts that the rights and liberties individuals have should also apply in cyberspace. Still, there are no penalties or consequences associated with the document or lack of participation with it.
- Certain countries have opted out thus far. Some of the world’s most powerful countries, including the U.S., China and Russia have not signed on to the Paris Call. Largely, these countries are focused on developing cyber policies of their own, to ensure they are beneficial to their needs and goals. Business leaders should keep a pulse on how this evolves, and if/when additional nations join the agreement.
- This is a powerful reminder that the private sector is rightly taking an active role in cybersecurity policy. Corporations today already understand the importance of strong cybersecurity within their networks. But as the landscape shifts, and advocacy efforts like the Paris Call gain momentum, it is important for business leaders to evaluate if involvement with widespread cybersecurity standards and principles makes sense for their organization. Further, it is important to consider how participation or lack of it will impact both the bottom line and public perception of how the organization values consumer trust.
- Operationalizing around advocacy takes time. Organizations that either decide to join the Paris Call, or decline to join but still aim to independently mitigate vulnerabilities to data breaches or malicious activity, need to be proactive. Organizations can enhance their internal practices and programs and raise the bar on cybersecurity and data privacy. These initiatives take time, but with proactive strategy, they can be built into the fabric of any organization.
Participation in the Paris Call may not make sense for every business or government. But some of the standards outlined in it - including preventing cyber theft of sensitive information, hindering the proliferation of malicious tools and techniques, strengthening digital processes and promoting confidence building with the public - are important best practices that can help any business better weather the future cybersecurity climate.