CYBER SECURITY LEGISLATION IN THE US
Cyber security is one of the key issues of our time. Cyber attacks and breaches are increasingly common, putting a huge amount of data at risk of falling into the hands of malicious actors. From credit card information to social security numbers, to medical records, to private email correspondence, companies are storing more and more data. Consumers furnish online vendors and social media sites with information pertaining to almost every facet of their day to day lives. An attack on a data centre by an ambitious hacker or nation state could have catastrophic consequences for millions.
More must be done to help turn the tide against cyber criminals and protect data. Companies must do more to protect their networks, data and employees from malicious attacks. Third party risks must be countered. Training and education programmes for employees must be run and regularly updated and a culture of compliance established. Companies can and should do more.
In that spirit, more must also be done on a legislative level. Efforts are underway in a number of jurisdictions to increase cyber security regulations and offer further protections for users and companies alike.
In late October 2015, after a number of considerable delays, the Senate overwhelming passed the Cybersecurity Information Sharing Act (CISA) of 2015, a controversial bill intended to encourage businesses to share information about cyber threats with the government by providing them immunity from customer lawsuits. Supporters of the Act claim that the CISA is desperately needed as companies and government agencies look to stave off cyber attacks. Allowing organisations and the government to share information about internet threats, both the public and private sectors will be better placed to react and respond.
Jan-Mar 2016 Issue
Richard Summerfield