Companies need effective information flows to manage and grow their business operations. But as part of our ongoing work with the 16 governments in the Regional Comprehensive Economic Partnership (RCEP) trade talks, we know that officials often argue that data cannot flow without critical building blocks in place first. Three important elements include cybersecurity, data privacy and consumer protection. We have taken on the task of working with companies in the region to develop what we think are sensible regulatory frameworks for each of these areas. These frameworks will be accompanied by indexes to track Asian government progress towards meeting specific elements. The first framework, on cybersecurity, is presented here and reprinted below. We had planned to present the cybersecurity framework to trade ministers in Singapore this weekend at the ASEAN Economic Ministers meeting. After all, the first element of the framework argues that trade and economic officials must be involved in the process of setting cybersecurity policy and not default to defense or home affairs alone. Unfortunately, ASEAN places cybersecurity matters under the political and security architecture and not in the economic pillar. It did not fit anywhere on the AEM agenda. This rather proves the point--cybersecurity cannot simply be placed in the remit of security agencies, but must include a broader set of stakeholders including trade and economic officials.