Due to mounting concerns over legal liability, companies that have experienced a security breach are potentially holding back from informing law enforcement agencies. This growing issue was most recently highlighted in an amicus brief filed by a group of twenty ex-federal law enforcement and national security officers in the U.S Securities and Exchange Commission (SEC)’s ongoing fraud lawsuit against tech company SolarWinds.
The IT firm SolarWinds was subjected to a considerable data breach between 2019 and 2020, which is now at the center of the SEC’s fraud case. The plaintiffs worry that the fear of legal consequences may hinder critical information sharing with the authorities that could otherwise hasten investigations, mitigate damage, and perhaps even prevent future attacks.
The increasing interconnection of our world makes cybersecurity a problem beyond the boundaries of single organizations; it has quickly become a matter of national, and even global, security. This quandary brings to light several complex legal questions about data privacy, legal liability, national security, and the role of each stakeholder in the world of cybersecurity.
As the digital landscape continues to evolve and threats proliferate, it becomes more important than ever to ensure a robust and cooperative strategy between private entities and public agencies. Creating an environment where breached companies feel secure enough to share incident details promptly and transparently with the public authorities will be critical in the collective defense against cyber threats.
To read the details of these latest developments in the New York Law Journal‘s original piece, please visit their website.