Potential Cybersecurity Strategies Taking Shape, Including Disclosure Rules

Last month, we detailed the emerging threats posed by cyberattacks to companies and the public at large. We also discussed the absence of obvious solutions to improve defenses against hackers. We’re starting to see some strategies for possible solutions now come together.

The White House is taking advantage of its bully pulpit. Even before the Securities and Exchange Commission announced its noteworthy settlement with First American Financial Corporation over lax cybersecurity in June, the Biden administration was promoting the need for businesses to beef up their defenses. The National Security Council’s cybersecurity adviser, Anne Neuberger, wrote corporate leaders last month to express the urgency of the potential threats. “Business leaders have a responsibility to strengthen their cyber defenses to protect the American public and our economy,” White House press secretary Jen Psaki said at the time.

While the White House offered suggestions on best practices, the guidance lacked any mention of consequences for cybersecurity deficiencies.

Meantime, in light of increased ransomware attacks on companies, insurance carriers are raising cyber insurance premiums and reducing payout amounts. They’re also tightening their underwriting standards – which often requires companies to boost their cyber protections. Facing extra scrutiny, companies often are waiting longer to obtain coverage.

The administration has been more explicit when it comes to one of the biggest vulnerabilities exposed in recent hacking events: infrastructure. That need became clear earlier this year when a ransomware attack forced the Colonial Pipeline to shut down its network for days. The incident left many gas pumps on the East Coast dry for an extended period.

Prompted by the Colonial Pipeline shutdown, the Department of Homeland Security laid out new cybersecurity requirements last week for pipeline operators. They include implementing a cybersecurity contingency and recovery plan and reviewing the operators’ cybersecurity architecture design.

Some experts are proposing disclosure as a prophylactic against hacking. As Maine Sen. Angus King pointed out in a CNN interview, there was a multiple-day gap between when the Colonial Pipeline was hacked and when the company notified the government. That kind of lag limits what authorities can ultimately do to remedy the situation, such as freezing transactions involving digital tokens, hackers’ currency of choice. For companies wary of the bad PR that follows a data breach, paying the ransom often seems more appealing. More disclosure would help increase awareness and understanding of cyber-criminals’ tactics, but it would also demand more alignment between the byzantine rules governing disclosure at different levels of government. From companies’ and insurers’ perspective, though, increasing disclosure might not necessarily provide a better understanding of how to assess risk and anticipate costs associated with these issues.

The SEC may soon bring clarity to the situation as it evaluates creating rules for cybersecurity disclosures under the umbrella of environmental, social and governance issues. The agency is currently working on new ESG reporting rules at the behest of the Biden administration. Even with the enormity of that project and the contentious debates over what should go into the ESG rules, regulators may soon find cybersecurity measures moving up the list of priorities.

Latest Articles

Five Big Questions About Trump’s Plan for Tariffs on China

President-elect Donald Trump made the geopolitical rivalry between China and the United States a key theme of his campaign during the 2024 election cycle. Trump and his advisers ha...

Read More

SEC Dings SolarWinds Victims for Cybersecurity Disclosures

Last month, the Securities and Exchange Commission settled four enforcement actions against current and former publicly traded companies for making what it deemed “materially misle...

Read More

Southwest Airlines Makes Concessions to Thwart Proxy War

Southwest Airlines has long cherished its reputation for doing air travel differently than other major characters. Among its most famous quirks, Southwest has been known for its op...

Read More