Every organization stores valuable data, whether it is a retail chain, a military defense company, or a Silicon Valley startup. Technology also evolves in ways that let hackers exploit vulnerabilities, and there are more cybersecurity data breaches than ever before. There were more data breaches in 2020 than in the previous 15 years, proving that spending more money on cybersecurity is not slowing down the cyber attacks.
There is an ongoing debate about how companies should report and deal with these cyber attacks, and Congress has now introduced several cybersecurity-focused bills. Lawmakers have argued about how companies should deal with cybersecurity breaches for years.
More lawmakers are worried about the potential consequences of a significant cyberattack on the United States. High-profile data breaches such as the SolarWinds hack and the Equifax data breach have also raised questions about how businesses should deal with cyber intrusions. The Federal Bureau of Investigation, or the FBI, is one of the driving forces behind the legislation.
As it stands, there are currently different laws regarding data breach notification from state to state. The Cyber Incident Notification Act of 2021 hopes to provide some best practices so that the United States can remain vigilant and responsive with respect to state-sponsored hacking and cybercriminals.
About The Act
The Cyber Incident Notification Act of 2021 requires that organizations notify the federal government within 24 hours of a “cyber intrusion” of any kind. Specifically, they would have to report to the Department of Homeland Security. Lawmakers introduced the law in July 2021.
Many companies suffer from cyber attacks or a data breach but choose not to come forward. The obvious reason is that there is reputational damage that comes with a cyberattack, and the organization will not want to lose revenue. Many companies are afraid that they will have to face shareholder lawsuits or create unnecessary fear among investors. The bill would offer “limited immunity” to companies that report cyber attacks.
The rise in ransomware attacks has been one of the main reasons Congress is now thinking about cybersecurity bills. The Cyber Incident Notification Act of 2021 is not the only bill recently created to address recent data breaches, as there are 18 bills in Congress addressing the issue. Several committees have been trying to introduce this kind of legislation for some time.
There is currently no concrete federal data breach legislation in place. The bill would create a Cyber Intrusion Reporting Capabilities system that would receive and store classified information. The bill is also designed to protect federal contractors in particular, since these contractors might store valuable and sensitive government data.
The bill would also penalize businesses that do not report cybersecurity incidents, up to 0.5% of annual gross revenues. For a tech organization that generates billions of dollars in revenue, it could mean millions of dollars. The bill has bipartisan support, and the goal is for organizations to disclose data breaches so that they do not cause further damage to the country’s infrastructure.
The Cyber Incident Notification Act of 2021 is one of the most high-profile cybersecurity bills currently being discussed. Lawmakers are interested in increasing cybersecurity funding, but the bills also address other sectors, such as how cryptocurrencies should be investigated and regulated.
Cybersecurity In 2021
One of the reasons that the U.S. government is cracking down on cybersecurity is that it is clear that there are other nations involved. While it might be difficult to narrow down exactly which country is behind every ransomware attack, the truth is that there are many loosely organized groups of Russian and Chinese hackers that are constantly targeting companies.
There is a growing concern about cybersecurity because the cybercriminals are also attacking schools, governments, and utility companies. President Biden is also currently trying to improve the cybersecurity infrastructure in general, and he warned about cyber warfare ramping up into a “shooting war”, especially in the wake of the Kaseya hack, Colonial Pipeline hack, and the JBS data breach.
There’s another question regarding whether cyber incident response should change depending on the sector. For example, there are some companies that might have personal information, while other companies might store data that is valuable for national security reasons. Cybersecurity analysts have disagreed about whether companies should treat these data breaches the same.
There are also a number of reasons for the rise in data breaches. First, the pandemic has led to more data breaches. Ransomware attacks have risen in popularity among hacker groups, and they’ve been quite effective when it comes to compromising data. Supply chain attacks can also end up revealing company and government data that is extremely confidential.
Controversy Over The Cyber Incident Notification Act
There are also arguments about how exactly organizations should handle a cyber attack. While some experts agree that it makes sense to notify the federal government as soon as possible, other cybersecurity analysts disagree about whether ransom should actually be paid out during a cyber attack.
Some have pointed out that there aren’t enough details about what constitutes a cyber attack, but others say that this is intentional. Senator Mark Warner, a chair of the Senate Intelligence Committee, stated: “That was intentional. We need to balance the compulsory reporting requirement with the burden on the reporting entities, which is why the legislation mandates the reporting requirement, but defers to the executive branch on the specific implementation details.”
Ransomware attacks in particular have been effective when it comes to getting companies to pay out “ransoms” for tools that can help mitigate the risk of the virus. The FBI believes that
Malimar Technology Group boasts a group of expert IT professionals and cybersecurity experts to help protect your business from cyberattacks. We can help guide your organization with respect to preventing data breaches and cyberattacks in the future, and offer seamless remote support to our clients regarding their IT needs.
We are one of the top cybersecurity companies in the San Diego area, and offer services such as server/PC management, strategic IT planning, and server backup solutions.