Developing and securing multilateral agreement on global cyber norms

A global technology company sought our support in developing a set of industry norms to protect cyberspace users and reduce the risk of business and consumer digital operations being undermined by cyberattacks. The company needed a strategic approach to build broad consensus across multiple sectors—governments, businesses, and civil society organizations—to create a unified framework of non-binding norms that could eventually evolve into binding expectations.

• Designed a strategy to engage key stakeholders, including companies, civil society, and governments, in recognizing and addressing the growing threat of cyberattacks.
• Convened meetings with top international experts and coordinated outreach to governments, companies, and organizations to identify and rally a core coalition in support of the initiative.
• Developed and drafted a set of non-binding norms to guide the behavior of leading companies, civil society organizations, and governments in cyberspace.
• Created a strategy to expand adherence to the non-binding norms, with the goal of promoting their evolution into binding expectations for responsible behavior in cyberspace.

Our program culminated in the successful launch of the Paris Call for Trust and Security in Cyberspace, which has been signed by one in three countries, more than 300 companies, and 130 civil society groups. This widespread endorsement of the framework has positioned the Paris Call as a key driver in global cybersecurity efforts. Additionally, the announcement of the Cybersecurity Tech Accord—a public commitment by more than 70 global companies to protect civilians online and enhance cyberspace stability—further strengthened the global coalition for cybersecurity. These results not only helped solidify a shared vision for online security but also set the stage for greater global collaboration in the fight against cyber threats. The initiative has paved the way for the evolution of non-binding norms into enforceable standards, reinforcing the commitment to a safer and more secure cyberspace.