{"id":139066,"date":"2022-05-08T01:02:55","date_gmt":"2022-05-08T06:02:55","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/05\/cybersecurity-reporting-mandates-could-make-us-more-vulnerable-not-less"},"modified":"2022-05-08T01:02:55","modified_gmt":"2022-05-08T06:02:55","slug":"cybersecurity-reporting-mandates-could-make-us-more-vulnerable-not-less","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/05\/cybersecurity-reporting-mandates-could-make-us-more-vulnerable-not-less","title":{"rendered":"Cybersecurity reporting mandates could make us more vulnerable, not less"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/cybersecurity-reporting-mandates-could-make-us-more-vulnerable-not-less2.jpg\"><\/a><\/p>\n<p>Those who call for mandatory reporting have the right intent, but if it\u2019s not implemented in the right way, it will cause more harm than good.<\/p>\n<p>Mandatory reporting almost always puts companies at risk, either legally or through financial penalties. Penalizing an organization for not reporting a breach in time puts it in a worse cybersecurity posture because it is a strong incentive to turn a blind eye to attacks. Alternatively, if a company knows of a breach, it will find ways to \u201cclassify\u201d it in a way that falls into a reporting loophole.<\/p>\n<p>The reporting timelines in the law are arbitrary and not based in the reality of effective incident response. The first hours and days after a breach are integral to the actual incident reporting process, but they are chaotic, and teams are sleep-deprived. Working with lawyers to determine how to report and figuring out the evidence that companies do and don\u2019t want to \u201csee\u201d just makes the process harder.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Those who call for mandatory reporting have the right intent, but if it\u2019s not implemented in the right way, it will cause more harm than good. Mandatory reporting almost always puts companies at risk, either legally or through financial penalties. Penalizing an organization for not reporting a breach in time puts it in a worse [\u2026]<\/p>\n","protected":false},"author":662,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,45,1496],"tags":[],"class_list":["post-139066","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-finance","category-law"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/139066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/662"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=139066"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/139066\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=139066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=139066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=139066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}