IGF 2023 WS #245 Trust and Transparency as a Benchmark for Internet Security


Data Governance & Trust
Big Data Architecture, Usage and Governance
Cross-border Data Flows and Trust
Data Privacy and Protection

Organizer 1: Heng Lee, Kaspersky
Organizer 2: Genie Gan, 🔒
Organizer 3: alharbi thamer, Kaspersky
Organizer 4: Jochen Michels, 🔒Kaspersky

Speaker 1: CRAIG JONES, Government, Intergovernmental Organization
Speaker 2: Abdoulaye S Doucoure, Intergovernmental Organization, African Group
Speaker 3: Dennis-Kenji Kipker, Technical Community, Western European and Others Group (WEOG)
Speaker 4: Deemah Alyahya, Intergovernmental Organization, Intergovernmental Organization


Genie Gan, Private Sector, Asia-Pacific Group

Online Moderator

Heng Lee, Private Sector, Asia-Pacific Group


alharbi thamer, Private Sector, Western European and Others Group (WEOG)


Panel - 90 Min

Policy Question(s)

How can transparency help in building capacity in cybersecurity?
What are technical challenges faced by both public and private sector to adopt transparency?
When do we consider transparency as strength not as weakness?
Is there a need for government to issue legislation to force companies to adopt transparency in cybersecurity?
How can public and private sectors work jointly alongside regulators to improve cyber capacity building?

What will participants gain from attending this session? Participants and attendees will learn about:

The challenges of transparency in cybersecurity
How transparency can become a competitive advantage
The role of transparency in promoting trust
The role of governments in improving transparency
How transparency can help organizations against cyber-attacks


With digital transformation comes increased incidences of cyberattacks, and being transparent about cybersecurity risks and vulnerabilities will help ensure that the world finds the best possible solutions to crowdsource and attract the best solutions to counter them.

Having to be transparent about the threats faced by one’s own organization, and shortcomings in information sharing practices, may seem daunting. However, given the multiplicity and magnitude of threats that organizations face today, transparency makes a critical difference. Collaborations between regulators and players in both the public and private sectors can help regulators to put in place a set of regulations to encourage the right mitigative measures against cybersecurity risks, and timely reporting of cybersecurity incidents. In the US, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) puts in place guidelines for all critical infrastructure companies including food and agriculture, and financial services to report cybersecurity incidents like ransomware attacks. In Europe, the EU’s draft Cyber Resilience Act introduces elements of increased transparency, with requirements for manufacturers of hardware and software products to actively report exploited vulnerabilities and incidents throughout the lifecycle of the product. These signal a cultural shift where transparency is a sign of strength, rather than an exposé that will not be looked upon favourably.

The belief in transparency has been slowly, but steadily gaining momentum. A report by PWC on Transparency in the Digital Age laid out seven principles for better cybersecurity reporting for companies, of which the first principle encouraged companies to invest time in explicitly detailing the inherent risk they have identified and the potential impacts of the breach, not just to themselves but also to other organizations which might be vulnerable to the same risks. This illustrates a possible future where cybersecurity reporting is underpinned by transparency, rather than by compliance.

Expected Outcomes

The expected outcomes of the session are to propose ideas that highlight the importance of transparency, and to establish transparency as a means to increase organizations’ cyber resilience. Kaspersky's researchers have previously written a white paper on our signature Global Transparency Initiative (GTI) as a framework for increasing trust in cyberspace (see: https://media.kaspersky.com/en/research-paper-global-transparency-initi…). This session will help to enhance and update ways in which transparency manifests through practice, for an updated version of the paper.

Hybrid Format: We propose to have a hybrid session, with a physical panel discussion on stage, as well as one of our speakers dialling in remotely. Our facilitator is experienced in moderating such sessions (see such an event for example: https://www.kaspersky.com/about/policy-blog/general-cybersecurity/apac-…) and we will have an online moderator and rapporteur to ensure interaction and engagement.

The Flow of Event is proposed as follows:
Opening by Moderator
Introduction of Distinguished Speakers
Short Opening Remarks by each Distinguished Speaker
Open Question and Answer Session
Rapid Fire Closing (short concluding remarks by each Distinguished Speaker)

Tools: Zoom or Microsoft Teams, with Kahoot or Menti for quiz engagement.