By Drew M. Smith
Vol. 2 February 2015
Cyber breaches have become a worrying trend in the insurance industry. More and more people have reported breaches and it is not limited to small businesses. Many large companies are getting hacked every day and it has gotten to the point that the government may have to step in and provide assistance. This is where the newly passed Cybersecurity Information Sharing Act (CISA) comes into play.
Signed towards the end of last year, CISA in a nutshell, allows groups like the FBI and NSA to act as monitors and businesses as informants. In the event of a cyber breach, private entities are permitted to inform the FBI and Department of Homeland Security and other policing groups. These groups would then send it to the proper groups and crack down on the breach or the virus. In theory, this makes it easier to find criminals and protect assets.1
Proponents of this law say that this sharing of information would not include Personal Identifiable Information (PII), a common issue in the event of breaches. They believe that this act would do its part to protect this information by not only securing it, but allowing the information to stay secret from the government. On the other side of the spectrum, opponents are worried that this PII is just as vulnerable to the government. Looking at the NSA bulk collection crisis, the opponents of such a bill believe this is the work around for the NSA to collect their information and monitor them. In addition, it wouldn’t just be the employee’s information that would be at risk, it would be their customers and those people would not have the same protection that the corporations would have under this law.2
CISA is a step in the right direction for cyber security. It allows companies and the government to work together to take down hackers and eliminate potentially destructive viruses. Those backing the act say it’s a way to protect PII, from hackers, while opponents say it’s another way for the government to keep track of your files. Cybersecurity is an evolving threat and we can expect the government to increase regulations and security of cyber-attacks.