Feds Aim For More Insight On Hacks With Maze of Policies
Law360
Feds Aim For More Insight On Hacks With Maze of Policies
Law360
Haima Marlier and Alex Iftimie spoke to Law360 about the U.S. Securities and Exchange Commission (SEC) and the Cybersecurity and Infrastructure Security Agency (CISA) examining the details of breach reporting rules expected to have an impact on the way publicly traded companies and critical infrastructure operators respond to cyberattacks.
“The requirements for companies to disclose features of their cybersecurity risk infrastructures, if taken literally, could provide a road map for cybercriminals to attack those companies,” Haima said.
She added that given the crush of comments mentioning a law enforcement exemption, it’s likely that the SEC will at least “seriously consider” adding such a provision.
With federal breach disclosure rules continuing to proliferate, businesses are likely to push lawmakers to harmonize aspects of the regulations in order to simplify the reporting process.
“The private sector has an appetite to create some simplicity and consistency in these rules,” Alex said. “They are looking to make sure that there is one door to walk through and a consistent set of standards to follow.”
Read the full article.