Newly published research examines global approaches to cyber legislation and regulation across six jurisdictions, shedding light on the challenges created by rapidly evolving policy landscapes

Alexandria, Va., April 26, 2023 – ISC2 – the world’s largest nonprofit association of certified cybersecurity professionals, and the Royal United Services Institute (RUSI), the world's oldest independent think tank on international defense and security, today released a new research report titled "Global Approaches to Cyber Policy, Legislation and Regulation." Findings from the report reveal that as cybersecurity policies and regulations evolve rapidly around the world, the call for greater standardization and collaboration is necessary to ensure stronger and more resilient frameworks to support shared learning and best practices.

The report reviews cybersecurity legislation and regulation within Canada, the European Union, Japan, Singapore, the United Kingdom and the United States, identifying various challenges shaping cyber policy. These issues include the shortage of skilled cybersecurity professionals, the complexities of the critical national infrastructure (CNI) and international cooperation on norm development for cyberspace. By bringing together insights from different jurisdictions and stakeholders, the report shows the importance of cooperation between private and public stakeholders and that policy makers increasingly seek harmonization of cyber policy.

"While the report identifies a number of trends in the cyber policy landscape, the increasing reliance on binding cybersecurity obligations for the critical national infrastructure sectors and beyond stand out, but the obligations different jurisdictions impose to increase cyber resilience vary,” said Pia Hüsch, Research Analyst for Cyber, Technology and National Security at RUSI. “The report therefore draws crucial attention to the need to better understand which policies are effective in increasing cyber resilience and how they impact businesses and the cyber workforce implementing them."

“Policymakers must take a proactive, rather than reactive, approach toward cybersecurity policy and collaborate across borders, industries and sectors to establish common standards, protocols and best practices,” said Clar Rosso, CEO of ISC2. “Findings from this report provide valuable insight into top legislative and regulatory priorities, which emphasizes the need for greater harmonization between policymakers, cybersecurity professionals and other stakeholders to improve cyber resilience and address pressing cybersecurity challenges in 2023 and beyond. To protect our national security, economies, critical infrastructure, and the data and privacy of our citizens, we need consistent, strong, forward-looking and joined up policies that enable cybersecurity professionals around the world to stay laser-focused on the most critical aspects of their jobs.”

The report delves into several other key headlines, including:

  • More regulations are coming; organizations must prepare now – not later. 
  • No country or government is immune to the cybersecurity skills and workforce gap.  
  • Global standardization is critical, and full international cooperation is needed, to protect and uphold ethical principles and standards. 
  • Fortifying critical infrastructure is a top priority for all jurisdictions — especially with more interconnectedness and "state lines" blurring.  
  • Collective defense is needed between the public and private sectors and across jurisdictions to support norm development.

The report's findings and recommendations will be discussed at an ISC2 Parliament Event on “Leadership in Cybersecurity: How can the U.K. set the global standard?” The event will be held on April 26 and will feature influential speakers from U.K.’s public sector.

Then, on April 27 at RSA Conference 2023, ISC2 will host a session “What You Need to Know about the Global Cybersecurity Regulatory Landscape.” ISC2 Executive Vice President of Advocacy, Global Markets and Member Engagement Tara Wisniewski will walk cybersecurity professionals through the report’s findings, highlighting what they need to know about today’s rapidly evolving global cyber policy environment.

For more information, please visit the "Global Approaches to Cyber Policy, Legislation and Regulation." report.

Study Methodology

Royal United Services Institute (RUSI) conducted this research from December 2022 to March 2023. The six jurisdictions studied – the U.K., the E.U., the U.S., Canada, Japan and Singapore – were chosen because they drive policymaking in cybersecurity and are leaders in the field, either as norm developers or because of their technology sectors. The research focused primarily on policies enacted or proposed between 2019 and 2023. The research underlying this publication was primarily based on a review of existing literature.

About RUSI

The Royal United Services Institute (RUSI) is the world’s oldest and the UK’s leading defence and security think tank. Its mission is to inform, influence and enhance public debate on a safer and more stable world. RUSI is a research-led institute, producing independent, practical and innovative analysis to address today’s complex challenges. Since its foundation in 1831, RUSI has relied on its members to support its activities. Learn more at

About ISC2
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, ISC2 offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our association of candidates, associates and members, more than 365,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on ISC2, visit, follow us on Twitter or connect with us on Facebook and LinkedIn.

© 2023 ISC2 Inc., ISC2, CISSP, SSCP, CGRC, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks, and CC is a service mark of ISC2, Inc.

Media Contact:
Amanda Steinman
Senior PR Manager