Cybersecurity Strategy Faces Hurdles
Expert testimony highlights persistent challenges in the implementation of the U.S. National Cybersecurity Strategy. Heather Hogsett of BITS testified that overlapping regulations and fragmented funding streams continue to hamper effectiveness. She urged Congress and agencies to streamline duplicative requirements, warning that compliance costs divert resources from actual risk mitigation.
- The National Cybersecurity Strategy, introduced in March 2023, is structured around five core pillars: defending critical infrastructure, disrupting threat actors, shaping market forces, investing in a resilient future, and forging international partnerships.
- A key legislative effort to address regulatory conflict is the bipartisan Streamlining Federal Cybersecurity Regulations Act, reintroduced by Senators Gary Peters and James Lankford, which would create a Harmonization Committee within the Office of the National Cyber Director to align federal cyber rules.
- In her testimony, Heather Hogsett specifically criticized the SEC's Cyber Incident Disclosure Rule, arguing that public disclosure of ongoing incidents could expose vulnerabilities to other malicious actors.
- Financial institutions in the U.S. navigate more than 10 separate cyber incident reporting mandates from various agencies, including the Office of the Comptroller of the Currency, the Federal Reserve, and the FDIC.
- A survey of bank Chief Information Security Officers revealed they spend 30% to 50% of their time on compliance and managing examinations, with their teams dedicating up to 70% of their time to these functions.
- The average cost of a data breach for the financial sector is $6.08 million, significantly higher than the global average of $4.88 million across all industries.
- Beyond regulatory hurdles, the Government Accountability Office has identified other major challenges to the strategy's success, including the need for outcome-oriented performance measures and addressing the shortage of a skilled cyber workforce.