It should be no surprise that as the awareness of cyber threats and the experience with cyber attacks continues to explode, government at both the Federal and State levels are engaging; providing a framework of responsibilities, requirements, disclosure guidance, all intended to increase cyber security. While it is clear that the systemic, existential risks associated with cyber threats requires a regulatory response, the "how" can be as important, perhaps more so, as the "what". The fluid nature of cyber threats argues against a static regulatory framework. I argument can be made for regulation focused on "outcomes" as opposed to "process". While government is acting, do they have the expertise for a nuanced approach to regulation? This month's Blog for RSA Conference.
| less than a minute read
Cybersecurity - Enter the Law Makers & Regulators
According to the National Conference of State Legislatures (NCSL), 36 states in 2021 enacted cybersecurity legislation. About half of these states have provided strengthened security measures to protect government resources. In addition, new legislation in Connecticut and Utah provides incentives for private sector entities to have reasonable security practices in place at the time of a breach