HomeCyber BalkansRuling by US Supreme Court expected to result in chaos in cyber...

Ruling by US Supreme Court expected to result in chaos in cyber regulation

Published on

spot_img

In 2023, the US Securities and Exchange Commission (SEC) adopted rules mandating registrants to disclose any material cybersecurity incidents within four days of determining their importance. Additionally, companies were required to reveal material information regarding their cybersecurity risk management, strategy, and governance on an annual basis. The regulations were implemented despite the fact that the Securities and Securities Exchange Acts, upon which the SEC based its rules, did not directly mention cybersecurity.

On the FCC front, in 2023, the US Federal Communications Commission (FCC) modified and reinforced its data breach notification rules for communications providers to safeguard against unauthorized use or disclosure of customer data. By issuing updated regulations, the FCC significantly amplified its enforcement authority under the Communications Act, which specifically addressed protections for customer proprietary network information (CPNI) and not the broader spectrum of customer data covered in the Commission’s rules.

Moving on to the US Cybersecurity and Infrastructure Security Agency (CISA), in April 2024, it put forth a proposal to adopt the cyber incident reporting requirements established under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The finalization of this rule is not expected until 2025. Throughout the development of this rulemaking, CISA had to interpret CIRCIA in a broader context to effectively implement the reporting requirements.

These regulatory developments mark significant progress in enhancing cybersecurity measures and ensuring the prompt reporting of cyber incidents. By enforcing stricter reporting guidelines and expanding regulatory authority, these agencies aim to improve data protection and bolster cybersecurity resilience in the face of evolving digital threats.

Overall, these regulatory changes signify a shift towards a more proactive approach to cybersecurity governance and risk management. Companies and organizations are now held to higher standards of transparency and accountability when it comes to managing and reporting cybersecurity incidents, reflecting the growing importance of cybersecurity in today’s interconnected digital landscape.

Source link

Latest articles

Proton Introduces Business Continuity Service to Ensure Communication During Outages

Swiss encrypted communications provider Proton has recently introduced a dedicated business continuity service aimed...

Surge in Compromised Logins Becomes the Primary Entry Point for Ransomware

Identity-Based Attacks: A Growing Threat in Cybersecurity Identity-based attacks and the exploitation of compromised credentials...

US Launches AI-Powered Gold Eagle Cybersecurity Group

White House Establishes Gold Eagle: A New Initiative in Cybersecurity Collaboration In a significant move...

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

More like this

Proton Introduces Business Continuity Service to Ensure Communication During Outages

Swiss encrypted communications provider Proton has recently introduced a dedicated business continuity service aimed...

Surge in Compromised Logins Becomes the Primary Entry Point for Ransomware

Identity-Based Attacks: A Growing Threat in Cybersecurity Identity-based attacks and the exploitation of compromised credentials...

US Launches AI-Powered Gold Eagle Cybersecurity Group

White House Establishes Gold Eagle: A New Initiative in Cybersecurity Collaboration In a significant move...