Bills that are being passed by The House of Representatives, recent data breaches at major companies, and cybersecurity are all becoming a main focus of the SEC. This suggests that the federal government may be prepared to change the legal landscape for cybersecurity risk. Even the President's 2015 State of The Union address featured cybersecurity proposals that signal how big a focus this is becoming for the executive branch.

The SEC may increase cybersecurity regulations soon

The federal government is poised to expand their regulations for companies with regard to cybersecurity risk. This is no surprise after the huge cyber attacks of 2014. Just look at the recent data breaches at Target, Sony, and Home Depot. The signs that suggest this change is coming include:

• Recent bills passed by The House of Representatives
• The way these bills will impact companies
• An increased focus on cybersecurity by the SEC

Bills passed by The House of Representatives

Just this past April, two new bills were passed by the House which will further encourage companies to disclose cybersecurity related information with the government. One of the benefits these bills promise for companies that open up their cybersecurity logs is protection against liability – provided the company continually checks their network for cybersecurity threats. Both of these bills are headed for the Senate, and they have a very good chance of passing there as well. These bills will setup a framework for companies to communicate information about security measures taken against cyber attacks with government agencies and other corporations.

How do these bills affect my company?

By allowing companies to share information directly with civilian federal agencies or the Department of Homeland Security, many more businesses will be involved in cybersecurity risk and information security. These bills are very likely to pass in the Senate. Legislators are feeling pressure to take action after the recent cyber attacks and these bills offer a way to address those concerns. If you aren't already involved with cybersecurity risk and information security in your company, get ready. As these changes go into effect, your company will need legal guidance with regard to which documents can be shared, how, and with whom. Opening up this information can be very helpful when addressing cybersecurity concerns, but there are always legal concerns when this much information is shared with people outside your company.

More of a focus on cybersecurity from the SEC

In March 2014, the SEC had a round table discussion to help them gather information and consider the next steps to address cyber threats. This past January, reports suggested that the SEC is now considering additional regulations which will require public companies to disclose information about cybersecurity threats and vulnerabilities.