In 2012, the U.S. House of Representatives passed a bill called the Cyber Intelligence Sharing and Protection Act (CISPA). Designed to improve digital security, the bill has proven controversial because it aims to achieve the goal of increased online safety by granting government bodies greater access to records of individuals' Internet use.
At present, CISPA remains a bill – that is, it hasn't yet been voted on in the Senate and some members of the Obama Administration have noted that the president would veto the bill if it were passed by both chambers of Congress.
But how exactly would CISPA (or similar legislation) affect your cyber safety as a small-business owner? And would the bill affect your need for cyber risk insurance? Here's an overview of what you need to know.
CISPA: A Blunt Instrument for Insuring Cyber Risk
If CISPA became a law as it is currently worded, it would...
- Increase the government's authority in investigating cyber threats.
- Make cyber attacks more difficult for cyber criminals.
- Allow for the sharing of information between private companies and government bodies.
- Potentially allow government bodies to track individuals' Internet use history without a warrant and without permission.
Supporters of CISPA argue that no price is too great to pay for cyber risk insurance that actually reduces the likelihood of a major data breach or cyber attack. They suggest that, as more and more of our lives are lived online and more of our personal data is stored in the cloud, the government should do everything in its power to ensure that the Internet remains safe.
CISPA detractors, however, argue that the law would amount to an unjustified invasion of individual privacy, and that no amount of insurance against cyber threats is worth such a loss of liberty.
The Future of Cyber Risk Insurance
For owners of small technology businesses, CISPA has the potential to offer greater information protection, but it might also offer a false sense of security to those who store and process sensitive data. While it's possible that government bodies would be able to legally request and access customer data from small businesses, it's more likely that regulators would focus their energy on larger corporations, which would have far more information to use.
The other reality of the situation is that cyber security laws will likely always lag behind the actual threats businesses and individuals face. While it's a good idea to stay abreast of the latest on CISPA's progress through Congress, owners of small tech firms should be realistic about their need to protect themselves against data breaches and other cyber risks, which will almost certainly outpace the government's ability to protect against them.
Want more information about the latest digital security laws? Check out this digital legislation overview of how the latest laws and bills might affect various aspects of your life.