According to the latest Unisys Security Index, Americans are most concerned about data breaches at banks (66.7%) and within federal, state and local public sector entities (61.8%). Healthcare organizations (60%) and telecommunications and internet service providers (59%) are next on the list. And, they also harbor some level of concern about identity theft (83%) and credit-card fraud (82%), both of which can arise from breaches at large organizations.
But when it comes to sharing data breach information with the government, Americans are split. Roughly half (48%) of respondents said they do not believe private businesses should be forced to disclose and share cyber-attack intelligence, but a similar proportion (46%) said they think Congress should pass cybersecurity legislation mandating that the private sector share cyber-attack information with the government.
The poll was undertaken in March, via 1,006 telephone interviews, approximately a month before the controversial Cyber Intelligence Sharing and Protection Act (CISPA) was passed by the United States House of Representatives. CISPA is not expected to be considered by the Senate this year, and many point to a lack of consensus on its information-sharing requirements as the reason.
“Americans clearly see a need for stronger methods to prevent cyberattacks, and many see a natural role for government in that process, but they differ on precisely how government and the private sector should interact in that regard,” said Steve Vinsik, vice president of enterprise security for Unisys. “Regardless of where the legislation ends up, businesses and government agencies need to realize that the costs of breaches far outweigh those of prevention – and that Americans are paying close attention.”
CISPA may be dead in the water, but President Obama issued an executive order in February requiring the government to take action toward better information-sharing between government and industry when it comes to defending against threats to critical infrastructure. “We know hackers steal people’s identities and infiltrate private email," Obama noted in February's State of the Union address, the same day he issued the order. "We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems.”
In May, the US General Services Administration (GSA) issued a request for information (RFI) calling for input on ways to make the federal government's cybersecurity more resilient, to comply with the order. Meanwhile, the Senate has introduced the Deter Cyber Theft Act, which aims to protect the fruits of billions of dollars in research and development from spies – both homegrown as well as state-sponsored. The Deter Cyber Theft Act would require the Director of National Intelligence to compile an annual report on foreign economic and industrial espionage, including a priority watch list of the worst offenders.