“Merely introducing new guidelines with no cultural shift in how corporations prioritize and implement sturdy security measures can render these updates ineffective,” said Borja Rodriguez, supervisor of risk intelligence operations at cybersecurity vendor Outpost24. “Firms should not solely adjust to the foundations but additionally embed cybersecurity into their core operations and put money into proactive methods.”
Imposing stricter guidelines and fines might “unintentionally present leverage to ransomware teams,” as these fines are sometimes cited in ransom demands to pressure organizations into paying, Rodriguez warned.
“To mitigate this, the federal government ought to take into account balancing enforcement with incentives for real enhancement in cybersecurity posture, corresponding to funding, help packages, or recognition for attaining excessive security requirements,” Rodriguez said.