BreachExchange mailing list archives
Time for Congress to act on cyber security
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 30 Mar 2015 19:17:27 -0600
http://www.businessinsurance.com/article/20150329/NEWS06/303299997/time-for-congress-to-act-on-cyber-security

Repeated cyber security breaches finally have focused congressional attention on how best to deal with this exploding exposure. As we report on page 1, a Senate panel recently held the first-ever hearing on cyber insurance. It was an event void of partisan fireworks. Lawmakers are seriously considering private insurance as a market-driven way to encourage companies to take steps to mitigate their risk.

We certainly welcome the congressional focus on the issue, and the fact that legislators are looking to the market for some solutions. Now it's time to transform that focus into action. We think there are two things Congress should move on quickly that would help companies better manage their cyber security risks and by doing so, could encourage the expansion of the cyber insurance marketplace.

The first is simple. Right now, there are about 50 different state and other governmental requirements for reporting cyber security breaches. The sheer number both slows down reporting and adds to costs. This situation begs for a single federal reporting standard. After all, cyber criminals don't respect international borders, let alone state lines. Adopting a single standard is nothing less than common sense.

The second action is more complicated, but nonetheless doable. Congress needs to agree on a system whereby private entities can share cyber breach information with each other and the federal government without fear of being subject to unwarranted liability. Crafting such a system also must take into account legitimate privacy concerns. Nobody wants personally identifiable information or trade secrets to be disclosed.

Fortunately, several bills designed to accomplish those goals already have been introduced in Congress. While no bill will satisfy everyone entirely, getting something reasonable on the books should allay both privacy concerns and corporate fears of expanded liability.

There appears to be growing bipartisan support for tackling the issues surrounding cyber security. The time to act is long overdue. There's no reason to put off action until the next major cyber security breach. Such a breach is inevitable, but having a framework in place to allow quicker reporting of the incident and easier sharing of information about it only can make the risk more manageable.