What Does SEC Regulation Mean for the Future of Cybersecurity?

Many remember the colossal data security breach suffered by Target during last year's Christmas season. Others who are more up to date with cybersecurity industry news may mention the heartbleed bug. No matter what tech threat comes to mind, these data mishaps have come squarely into the focus of Congress, according to InformationWeek. While legislators debate what regulatory laws may be on the table, what this means for information technology specialists and businesses is still unknown.

According to the National Journal, Rep. Fred Upton — the head Republican on the House Energy and Commerce Committee — has recommended that data protection may need to be handled differently by the government. Reportedly, the current system involves an amalgamation of state and federal laws, which the congressman believes could be bolstered by a new data security strategy. While no solid legislation has been introduced to date, lawmakers are still debating what route to take.

The National Journal reported that House republicans may be swayed if Upton were to endorse legislation for a national data security standard for businesses that would require customers to be notified about data risks. At the same time, Democrats fear a less forceful federally mandated security standard could weaken current state regulations regarding data security. Instead, many politicians on the left are calling for legislation that will strengthen the Federal Trade Commission to allow the entity to punish companies that do not provide adequate security.

InformationWeek suggested that this could move cybersecurity up from the IT department and into the boardroom, as greater tech breaches could mean hefty business fines and operating costs. As boards are often held accountable for configuring adequate risk management programs elsewhere, the recent surge in data fraud and cyber threats combined with increased government regulation could move IT threat prevention into upper management.