Increased cyber breach disclosure requirements will be positive not only for cybersecurity, but also for corporate profitability
Summary
SolarWinds fallout continues as US Senate Intelligence Committee Chairman Mark Warner says that Congress will revisit the issue of whether to require companies to disclose cyber breaches. Previous attempts by the government to require notification were reportedly blocked by private sector lobbying. But the scale and damage of the SolarWinds hack—and the fact that had FireEye not disclosed the breach, the damage would likely have continued to increase much further—means that it will be far more difficult for opponents of disclosure to continue to successfully block this type of legislation.
Report
Analysis
The trend towards stricter disclosure requirements is welcome. Senator Warner’s comments come only a few days after the US Comptroller of the Currency, Federal Reserve and Federal Deposit Insurance Corporation proposed a new rule requiring a much greater level of disclosure by banks that experience a breach (current rules allow banks to decide if a breach is material enough to require disclosure).
It is reasonable to expect that these disclosure requirements would lead C‑Suites and boards of directors to place an even higher priority on implementing stronger cybersecurity measures, in part due to their desire to avoid the embarrassment that comes with public reporting. However, it would be a mistake for them to view this simply as an onerous bureaucratic measure, as Cyberhedge research shows that companies with sector-leading cyber governance are rewarded with stronger financial and share price performance. This is because, in our increasingly digitized world, an increased focus on cyber governance goes hand in hand with better and more effective Digital Transformation strategies.
Far from being an added ‘cost’ that will have a net negative impact on a company’s finances, increased disclosure will instead lead to better outcomes both at the individual company level and at a macro‑level, similar to what followed the establishment of the Federal Aviation Administration (FAA). The FAA’s intense focus on investigating and improving airplane safety led to far fewer safety incidents and, as a result, an increase in air travel and the accelerated growth of the airline industry.