This follows the ransomware attack on Colonial Pipeline in May. As criminal and state-sponsored cyberattacks intensify, the administration is focusing on threats to US critical infrastructure and the financial system, both primarily private sector-run. The new obligations on companies represent a further policy move away from corporate self-management of cyber threats.
- Corporates hit by a state-sponsored cyberattack will have to coordinate their response closely with the US administration.
- Public-private partnerships will be key, given the large private sector role in US critical infrastructure and the financial system.
- Regulators' next concern will be cyber risk in the fast-growing use of artificial intelligence in financial services.