Cybersecurity has become a foundation of economic stability and public trust, and cannot be managed by government or business alone. ICC advances collaborative approaches that keep the digital environment open, trusted and resilient.
Cybersecurity is stronger through shared responsibility.
Digital infrastructure, largely developed and operated by the private sector, underpins activity across all sectors.
When this infrastructure is disrupted or compromised, the effects ripple through supply chains and undermine public confidence in the digital economy.
As a result, cybersecurity has evolved from a purely technical concern into a strategic imperative for economic resilience, competitiveness and public trust. These risks make it clear that cybersecurity cannot be addressed by business alone.
Governments must set clear, coherent and risk-based policy, legal and enforcement frameworks that support security objectives and protect citizens. Working in partnership, cybersecurity measures are more likely to be practical, proportionate and effective.
ICC champions cybersecurity approaches that keep the digital environment open, trusted and resilient. Together with our industry experts, we provide practical insights on how to bolster cybersecurity.
This includes balanced policy approaches and recommending appropriate safeguards that don’t undermine individual rights – focused around the implementation of the UN Convention against cybercrime and the UN Global Mechanism on cybersecurity.
Companies continue to invest heavily in protecting their systems, yet to manage the scale and sophistication of today’s threats requires governments to play a critical role. They can deter malicious activity, ensure laws are consistently enforced and can work hand-in-hand with the private sector to anticipate threats and coordinate responses. Bringing the respective expertise of government and the private-sector together creates the conditions for developing shared expectations and more compatible security requirements – which in turn reduces the risk of regulatory fragmentation, strengthens resilience across critical sectors and builds trust in digital ecosystems.
Critical infrastructures – from power grids and water systems to finance, health and supply chains – are increasingly targeted by sophisticated cyber threats. Protecting them not only demands robust government action, but also close cooperation with operators who manage these systems every day. Governments should adopt risk-based cybersecurity standards aligned with global best practices – avoiding overly rigid compliance models that may discourage transparency or innovation. Prescriptive requirements that fail to reflect evolving threats or operational realities can discourage businesses from voluntarily sharing information about incidents or vulnerabilities and limit their ability to innovate in deploying more effective security solutions.
Alongside regulation, governments and operators must actively support each other through intelligence sharing, incident response coordination and red-team exercises that simulate real-world attacks. Cybersecurity for critical infrastructure cannot be achieved by regulation alone. It must be maintained through continuous partnership, joint preparedness and shared accountability.
Cyber threats know no borders. Effective responses require governments to deepen international cooperation and implement agreed norms of responsible state behaviour. Existing international norms – including those developed by the United Nations – provide a solid foundation. However, these commitments only improve security when they are put into practice. Governments must work together to share timely information, coordinate responses to major incidents and improved legal assistance that respects rights and fosters trust.
At the same time, international collaboration against cybercrime should focus on practical operational measures – including timely and safeguarded information sharing between competent authorities, streamlined cross-border cooperation mechanisms for investigations, and capacity-building initiatives that strengthen technical and institutional capabilities across jurisdictions – as opposed to overly broad or poorly defined treaties that could undermine human rights or disrupt business activity.
Bringing governments, business, civil society and technical experts together is essential for making cybersecurity policy both credible and workable. Inclusive engagement ensures policies are grounded in technical reality, sensitive to societal needs and responsive to economic imperatives.
Governments should move beyond one-off consultations and embed non-state stakeholders throughout the entire policymaking cycle – from design to implementation and review. At the international level, multistakeholder processes also strengthen legitimacy and secure wider buy-in, vital for addressing borderless challenges like cybercrime. By contrast, purely intergovernmental processes risk producing rigid, impractical outcomes that fail to meet the needs of the digital ecosystem.
In a statement issued on behalf of businesses worldwide, ICC has stressed the need for urgent government action and business expertise to strengthen cyber resilience. As cybersecurity governance takes shape at the United Nations, ICC’s position is clear: Without inclusive cooperation that brings together governments, industry and other stakeholders, the digital foundations of growth, trust and security will remain at risk.
In an era defined by digital interconnectedness, safeguarding critical infrastructure and essential services has become paramount. This paper delves into the complexities of this critical task and offers actionable insights and a holistic approach to addressing evolving cyber threats. It particularly focuses on striking the right balance between regulation and sustainable controls supported by both the voluntary actions of the private sector and decisive action from governments.
The cyberspace is an intrinsic part of the development of every country, creating enormous opportunities and enabling everything from distance learning to innovation and economic efficiencies. This paper offers concrete recommendations to encourage the international community to take action to ensure the cyberspace is safe and secure for all.
The global business community has made significant and continuing investments in securing technologies and developing defensive cyber tools, skills, and procedures. Despite these major contributions, the number of cyber threats keeps rising. ICC calls for urgent and concrete actions by governments on various fronts.
Respecting your privacy
We use necessary cookies to make our site work. We'd also like to set optional cookies to optimize site functionality and to give you the most relevant experience. We won't set optional cookies unless you enable them. Using this tool will set a cookie on your device to remember your preferences.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
Always active
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
