Washington’s Cybersecurity Disconnect
The Securities and Exchange Commission’s (SEC) new corporate cybersecurity disclosure rules took effect Friday, requiring companies to disclose security-related policies and inform regulators promptly of significant hacks.
Looking back at 2023, the SEC’s emphasis on cybersecurity contrasts sharply with other policy makers’ apathy towards cybersecurity. As in many other cases, Washington’s left hand seems unaware of what its right hand is doing.
This year, legislation reappeared in Congress that would weaken cybersecurity. While no legislation gained much traction, these efforts reflect a continued willingness among many lawmakers to trade the user’s online privacy and security for regulatory control.
The year also provided myriad reminders as to why lawmakers should prioritize cybersecurity.
In 2023, there were many hacks perpetrated against governments, universities, the biggest corporations, and the biggest casinos. This trend will likely accelerate next year. “In 2024, we anticipate cyber criminals or scammers to continue employing novel social engineering tactics,” says Google Cloud’s latest Cybersecurity Forecast.
Policy makers should heed these warnings. For the average user, secure-by-design app stores, payment platforms, and operating systems provide an indispensable service. They allow someone who knows nothing about digital technologies to access the digital world’s revolutionary benefits without fear of its very real threats. They broadly (albeit imperfectly) keep otherwise vulnerable users secure.
Breaking these security features with bad policy would benefit the regulators who gain control over the market, the hackers who may exploit regulatorily created weaknesses, and the tech firms who dislike the free market status quo.
Who loses is the average user.
Published on December 14, 2023