Meaningful and robust federal cybersecurity legislation is nearly across the finish line, and further developments indicate that reporting mandates are imminent. On September 21st, the United States Department of the Treasury’s Office of Foreign Asset Control released guidance that all U.S. companies not reporting ransomware attacks would be subject to enforcement action and possible fines. The Biden administration was on Capitol Hill on September 22nd to press the issue forward.
Homeland Security Secretary Alejandro Mayorkas intimated support for requirements that all critical infrastructure providers report cyberattacks in a timely fashion. Mayorkas suggested that various agencies of the U.S. government have methods to restore compromised data without paying ransoms; but speed in reporting a breach is critical.
Source: