Cybersecurity Legislation May Do More Harm Than Good

Posted on 02.16.17


This article, written by Chris Moschella (Keiter) and Collin Hite (Hirschler Fleischer), is featured in the February 2017 issue of Virginia Business.

“A paramount concern for the commonwealth’s businesses — large and small — is cybersecurity. During the current session of the General Assembly, state Sen. Glen Sturtevant proposed an update to Virginia’s cyber crime statute. The amendment would have made it a felony for cyber criminals to use ransomware. This was a worthwhile bill considering the explosion of ransomware crimes during the past year, which can hit Virginia’s small businesses hard. Although the legislature jettisoned the bill this session, it is a sign that Virginia lawmakers are beginning to seriously consider regulations in the area of cybersecurity. However, we urge caution.

Cybersecurity laws are quickly becoming complex and fragmented as more and more are being passed around the country and at the federal level. In addition, governmental agencies also issue guidance on what each expects from businesses they regulate, such as the Securities and Exchange Commission (SEC). Finally, there are even private regulations that can impose cybersecurity requirements on Virginia’s business community. This jumble of laws, regulations and rules is making it increasingly difficult for businesses to comply without an undue burden. For example, approximately 48 states and the District of Columbia have separate cyber-breach notification laws. Lawmakers should move cautiously in proposing any cybersecurity regulations in Virginia to avoid further confusion and the creation of “just another cybersecurity requirement.” It is critical that states work together to bring uniformity to their respective cybersecurity laws. The National Governors Association has the ability to take the lead on this issue, and we urge it to do so.”


The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.

Posted by: Christopher Moschella, CPA, CISA

Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a Cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog.