July 27th, 2017

By Jeff Stone
The Wall Street Journal

Private sector heavyweights are uniting as part of an effort to help small- and medium-sized enterprises increase their awareness about digital threats and mitigate cyber risks.

The Cyber Readiness Institute, launched Wednesday, is a nonprofit organization that aims to help SMEs navigate the world of cybersecurity by connecting executives with top U.S. business leaders and third-party organizations. The organization’s co-chairs include Satya Nadella, chief executive of Microsoft Corp., Ajay Banga, president and chief executive of Mastercard Inc., Samuel Palmisano, former chief executive at International Business Machines Corp., and Penny Pritzker, former U.S. secretary of commerce.

“How do we take the resources and lessons of large companies and help small and medium enterprises use that for their own cyber risk management and for their employees?” asked Kiersten Todt, managing director for the Institute. “The objective here now is to create a membership of senior leaders across the globe to put that together.”

Ms. Todt and Mr. Palmisano served as the executive director and the vice chairman, respectively, of the Obama administration’s Commission on Enhancing National Cybersecurity. The commission made as number of recommendations to the federal government that were later included in the Trump administration’s executive order on cybersecurity.

Assigning cybersecurity responsibility to cabinet officials, an initiative to fight botnets, a workforce initiative and the plan to use the U.S. National Institute of Science and Technology’s cybersecurity best practices across the government were all among the recommendations adopted in the executive order. Mr. Palmisano said the Institute will continue to raise awareness about many of the same issues.

“We need to quite honestly simplify best practices and the NIST framework for small business,” he said. “Part of the process in convening leadership is to converge their ideas and come up with an approach that applies to SMEs. Maybe that means helping them assess their vulnerabilities with a questionnaire, or a methodology that helps them see that their biggest exposure is their firewall, or a lack of password security.”

After a series of leadership meetings–the first being tentatively scheduled for October on third-party risks–the Institute aims to create an online curriculum where interested executives can educate themselves.