Cybersecurity awareness month wraps up this week in Europe and the U.S., and it’s the perfect time to reiterate that digital transformation will only succeed if people and organizations can rely on the security of data and connected systems. Digitization and cybersecurity must progress in close association.

Security providers are responsible not only for innovating and implementing solutions, but also for building digital trust. Earlier this year, we saw the start of an initiative with great potential to make our digital world more secure and increase trust. This Charter of Trust brings together companies and players from a variety of industries to work with governments to “establish a reliable basis upon which confidence in a networked, digital world can take root and grow.”

There are currently 17 organizations in the Charter of Trust, including IBM. Last February, we signed on to 10 key principles that cover areas such as security by default, education and security responsibility in the digital supply chain. But signing the Charter was merely the start of a collaborative process to improve security. Since then, the partners have broken down the various principles into concrete recommendations and requirements that companies and governments can put in place to improve security.

How the Charter of Trust Is Tackling Security in the Digital Supply Chain

Take, for example, security in the digital supply chain. The digital supply chain for any one service often involves a broad spectrum of players, from component suppliers for industrial products to subprocessors in a cloud service. For critical applications, nine out of 10 players in the supply chain have likely already implemented advanced cybersecurity practices. However, these may differ according to the product or service, leading to increased complexity and risk.

A second tier of suppliers, categorized as lower-risk, are unlikely to be subjected to the same requirements as high-risk suppliers, but still pose a risk to overall security. If any one player falls short in any element of security, the entire supply chain is put at risk. It is the weakest link in the chain that defines its overall strength.

To tackle this challenge, we are working together with other Charter of Trust partners to put security requirements in place for all players in the supply chain across all sectors. Similar work is ongoing across the other nine principles, where we’re identifying pragmatic actions that will establish a baseline for security in the Internet of Things (IoT) environment.

Why Governments and Organizations Must Come Together to Build Digital Trust

The key to the Charter’s success is collaboration. A single company or entity cannot hedge the all-encompassing impact of digitization and cybersecurity and create a greater sense of trust for users on its own; it has to be the result of close collaboration at all levels. In our interconnected world, where we expect that tens of thousands of devices will connect to the internet every second, trust cannot be siloed within borders, sectors or companies. We need coordinated strategies to put in place criteria for security in the IoT environment.

At the heart of the Charter is a desire to “combine domain knowhow and deepen a joint understanding between firms and policymakers of cybersecurity requirements and rules in order to continuously innovate and adapt cybersecurity measures to new threats.” The private-public collaboration will improve the sharing of domain-specific threat information and stimulate common interoperable standards — for example, how threats are categorized in terms of criticality and what syntax is used to describe them. That’s why we continue to invite governments of the world to engage with the Charter of Trust as it develops.

For IBM, being active in the Charter of Trust means we can tangibly contribute recommendations for the security that we know is key to digital transformation, and help drive a collaborative effort to build trust. In the coming months, the Charter of Trust is going on the road to engage with more governments and bring new companies on board, including stops in Washington, D.C., Brussels, Munich, Rome, Tokyo and elsewhere. We look forward to welcoming new and committed partners to the Charter.

If you would like to be a part of this significant initiative, take a look online or attend one of our upcoming global events. As businesses, we must not hold back on building trust.
