pjmedia.com By Julio Rivera
Cybersecurity is often described as an arms race. Defenders innovate, attackers adapt, and the cycle repeats at ever-accelerating speed. In 2015, the United States attempted to give defenders an advantage by enacting the Cybersecurity Information Sharing Act (CISA 2015). By creating a legal structure for companies to share cyber threat information with the government and each other, it sought to transform isolated defenders into a coordinated force.
That framework is now at risk of expiration, and the consequences could be profound. Without CISA 2015, the already fragile system of public-private cooperation may collapse into silence and secrecy. Attackers — whether cybercriminals or state-sponsored actors — would be the ones to benefit.
When companies experience a cyberattack, their instinct is often to minimize exposure. Acknowledging a breach can cause stock prices to plummet, invite regulatory action, and trigger lawsuits from customers or shareholders. While the SEC has issued rules requiring disclosure of material cyber incidents, enforcement remains inconsistent.
CISA 2015 offered some balance by providing liability protection for companies that shared threat data. Its expiration removes that incentive, increasing the likelihood that breaches will remain hidden. That silence leaves other organizations exposed, unaware that the same techniques may be used against them.
For publicly traded companies, the expiration of CISA raises difficult questions about compliance with SEC requirements. If a company chooses to conceal an attack in order to protect its valuation, it undermines not only investors but also the broader market. Accurate risk information is essential for functioning markets, and cyber risk is now as material as financial risk.
…
Read Full Article Here…(pjmedia.com)
Home | Caravan to Midnight (zutalk.com)
Live Stream + Chat (zutalk.com)
Be First to Comment