At Tuesday’s Solarwinds Microsoft Fireeye Congressmiller Thehill hearing, executives from Microsoft and FireEye urged Congress to create mandatory breach reporting requirements for companies. In their testimony before the House Energy & Commerce Committee, Microsoft President Brad Smith and FireEye CEO Kevin Mandia warned of the risks posed by failures to report data breaches promptly. According to Smith, “Without prompt notification of cyber incidents, victims cannot contain and remediate damage quickly enough…. This creates a risk that the victim’s sensitive data will be stolen or misused in new ways. We need far better global approaches for securing digital infrastructure.”
Mandia echoed these sentiments, emphasizing the importance of organizations promptly disclosing when they have been breached: “It is almost as if those responsible for the attack can be given a ‘head start’ if an organization is not aware of the scope and nature of the attack. They may sometimes remain undetected while conducting the additional malicious activity.”
The testimony from Microsoft and FireEye serves as a reminder that cybersecurity is an increasingly important part of our lives. As more organizations rely on digital infrastructure to conduct their business, it becomes ever more essential to have strong security measures to protect them from cyberattacks. Congress must now act to ensure that all companies are held accountable for keeping their systems secure and reporting breaches promptly. We owe it to ourselves and future generations to stay ahead of these evolving.