While cybercrime has been occurring for years, most incidents were not reported or discussed publicly until the past couple of years. As a result of recent high-profile incidents and an exponential rise in cyberattacks, the issue has emerged into the national sphere and been propelled into the legislative and regulatory spotlight. Cybersecurity has entered a new era in which governments, regulatory agencies, and companies are working together to improve oversight of cybersecurity incidents and bolster cyber regulations. This article at Harvard Business Review by Stuart Madnick discusses the new cybersecurity regulations and some basic ways to prepare for them.
In the United States, a whole suite of new cyber regulations and enforcement is in the offing. The Federal Trade Commission, Food and Drug Administration, Department of Transportation, Department of Energy, and Cybersecurity and Infrastructure Security Agency are all working on new rules. Additionally, 36 states passed new cybersecurity legislation, and rules elsewhere include the EU’s GDPR and incident reporting requirements, the data localization rules of China and Russia, and CERT-In in India.
Most national rules on the subject have been more concerned with privacy than cybersecurity. Thus, fewer than 25% of cybersecurity incidents get reported. Since this approach is untenable, many agencies and authorities in the United States, including Congress, the White House, the Securities and Exchange Commission (SEC), and several local governments, are considering, pursuing, and enforcing cyber regulations requiring companies to report cyber incidents. This especially holds true in industries that provide critical infrastructure, such as energy, healthcare, communications, and financial services.
The Benefit of Cyber Regulations
A more comprehensive understanding of what attackers are trying to do will make all companies safer. This requires significant and prompt reporting of incidents. According to recent event reports, only 288 of the over 200,000 known vulnerabilities in the National Vulnerability Database (NVD) have been reported. When businesses are aware of these weaknesses, they can prioritize them accordingly.
To read the original article, click on https://hbr.org/2022/08/new-cybersecurity-regulations-are-coming-heres-how-to-prepare