SAN FRANCISCO – Today, in partnership with the Coalition to Reduce Cyber Risk (CR2), 37 companies and organizations have pledged to enhance cyber resiliency and counter evolving cross-border cyber threats such as the growth of ransomware. Signers to this groundbreaking pledge from eight countries have promised to:

  • Encourage the development, evolution and implementation of risk-based approaches that rely on consensus-based standards and risk management best practices, such as ISO/IEC 27110 and 27103, or the NIST Cybersecurity Framework;
  • Support efforts of our vendors and supply chain contributors to adopt risk-based cybersecurity approaches in order to help small businesses flourish while improving the resiliency of the cyber ecosystem;
  • Incorporate ISO/IEC (or other widely accepted international) cybersecurity standards as a foundation of our cybersecurity policies and controls wherever applicable and feasible; and
  • Periodically reassess our cybersecurity policies and controls against revisions to ISO/IEC cybersecurity standards and actively participate in industry-driven initiatives to improve those standards.

“CR2 is committed to driving a globally-aligned approach for managing cyber risk. Thirty-Seven organizations from eight countries have signed the Cyber Risk Management Pledge, demonstrating the breadth of usage of international standards such as ISO/IEC 27110 and 27103, as well as the NIST Cybersecurity Framework and associated sector profiles.” said Benjamin Flatgard, President of CR2 and Executive Director of Technology and Cybersecurity Policy and Partnerships at J.P. Morgan Chase. He added “Governments should embed widely used international standards at the core of their national cyber policies to facilitate a seamless approach to shared cyber risk.”

For more information on the CR2 and the pledge, or if your company or organization is interested in joining the pledge, please visit

For a French version of this press release, click here.


Joshua Lamel, 202-246-1400, @email

Elizabeth Guillot, 202-344-4574, @email


The Coalition to Reduce Cyber Risk (CR2) is a multi-sector, multi-national coalition, partnering with governments around the world to increase adoption of risk-based approaches to cybersecurity. Our principles for cybersecurity risk management are grounded in industry experience and a successful track record and include: clarity and consistency, risk-based, outcome focused, and agility. CR2 believes in an open, collaborative, and iterative approach to support the adoption of frameworks for cybersecurity risk management. CR2 emphasizes the foundational role that effective cybersecurity risk management plays in enabling resilient digital trade and articulates the need for effective cybersecurity policies to sustain growth in the digital economy.