Objective 1 — Developing and Implementing Appropriate Cyber Security Risk Management Practices

The wider use of ICTs creates the risk of increasing numbers of cyber incidents and breaches that can cause severe disruptions in the modern society and major economic damage to businesses. Moreover, those incidents can also undermine the trust of citizens and businesses in the digital society and discourage the use of digital technologies. Weak risk management practices can threaten all partners within value chains and production networks, with consequential effects on national and regional economies. For this reason, ways of raising awareness, especially amongst SMEs, about cyber risks should be explored and the adoption of good consumer practices needs to be encouraged.

Likewise, it is important to support innovative SMEs and high-tech start-ups in the area of cyber security, in order to facilitate their research activities, especially in their early development phases. This also entails them investing in cyber security in order to tackle threats, including those which target trade secrets, related to digitalization.

To this end, we the G7 ICT and Industry Ministers intend to:

encourage companies, notably SMEs, at their senior management level to improve awareness and to adopt effective cyber security risk management practices, taking into account comparable risk analysis methodologies;
promote cooperation between Governments and companies, particularly SMEs, involving industry associations, academia, tech community associations, security researchers and cyber risk insurance industry, to improve the evidence base on the economic and business impacts of cyber security and data breach incidents;
encourage and support consumers to adopt vigilant and proactive practices to safeguard their online identity and to actively use the trust services of their choice.

[back to top]

Objective 2 — Enhancing Cooperation

Cooperation represents the key factor to strengthen cyber security. There are different levels of cooperation, all equally important: among technical-operational bodies, governments and among governments and enterprises. Each of these types of cooperation should be improved.

Effective and constructive cooperation among G7 countries, national CSIRTs (computer security incident response teams) and between CSIRTs and businesses, can boost chances of preventing and responding to cyber threats through reliable and trusted channels for exchanging actionable information regarding potential and emerging threats. In this environment, the role of national CSIRTs is important as the main focal point, in particular for information sharing at technical and operational level.

Assessing the exposure of enterprises to cybersecurity threats and developing appropriate internal practices can help the enterprises, particularly SMEs, to enhance the security and resilience of their business processes.

Lack of knowledge makes businesses vulnerable to cyber threats and attacks. G7 countries should seek to increase the culture of cyber security and enhance the cybersecurity awareness especially among businesses.

Critical Information Infrastructures are usually handled by the private sector, including SMEs. Sharing information to protect critical information infrastructure from cyber threats is fundamental for the resilience and security of essential services for citizens and businesses.

Critical Information Infrastructure Protection (CIIP) is part of the digital agenda of many countries as well as international organizations. Some countries have already put in place a national framework and are revising their guidelines on this issue.

For this reason, we the G7 ICT and Industry Ministers intend to explore ways to improve cooperation among the public and private sector, including SMEs, in order to build an environment for the digital economy based on awareness, security and trust.

To this end we intend to:

foster constructive cooperation amongst the G7 countries' national CSIRTs and between CSIRTs and businesses of all sizes, in order to exchange information about cyber threats and vulnerabilities;
consider common ways to assess the exposure of enterprises to cybersecurity threats and for evaluating the effectiveness of the corresponding cybersecurity measures;
encourage the international community through collaboration between business, governments and civil society, to consider a variety of approaches such as security by design, risk management practices, market-relevant conformity assessments and appropriate security evaluation processes, to improve security throughout the value chain and foster greater confidence in the digital economy.
conduct awareness campaigns amongst SMEs about cyber security risks and how to manage them;
support initiatives to foster a culture of cooperation, notably between governments and businesses, for more effective knowledge of cyber threats and vulnerabilities;
promote information sharing through the collaboration of critical information infrastructure operators such as ISAC (Information Sharing and Analysis Centres ) or its equivalents.
promote global dialogue for co-operation and the sharing of good practice amongst all stakeholders, including cyber security risk management, for economic prosperity.

[back to top]

Source: Official website of the 2017 Italian G7 Presidency

—	This Information System is provided by the University of Toronto Libraries and the G7 Research Group at the University of Toronto.
	Please send comments to: g7@utoronto.ca This page was last updated September 28, 2017.