Business Roundtable is advancing cybersecurity protection top-down in the private sector by creating and resourcing corporate programs to manage cybersecurity risks. We believe Congress and the Administration should create smart cybersecurity policies that facilitate new levels of domestic and international collaboration to combat escalating threats, beginning with increased information sharing with the private sector. To ensure the success of meaningful public-private information sharing, Business Roundtable supports legislation to create the requisite legal and privacy protections. We also urge domestic and international policymakers to exercise care in approaching cybersecurity standards and additional regulations, as these approaches are not adequately matched to quickly evolving cybersecurity threats.
Business Imperative
Cybersecurity threats from nation states and other highly-motivated actors present risks to national and economic security. Cybersecurity shot to the top of the public policy debate with President Obama's issuance of an executive order on cybersecurity. But cybersecurity threats – and need for action – are nothing new to the companies that make up the Business Roundtable. Cybercriminals routinely target the networks that our companies rely upon, posing risks to customers, suppliers, trade secrets and the delivery of critical services.
With so much at stake, the Business Roundtable carefully considered how government and business might work together to strengthen the nation's cybersecurity resilience. The result was "More Intelligent, More Effective Cybersecurity Protection" in which we argued for a more dynamic and sophisticated framework for dealing with constantly evolving cybersecurity threats.
Information Sharing
The missing piece of effective cybersecurity is robust, two-way information sharing between business and government.
The Business Roundtable believes that the foundation of any successful cybersecurity policy must be improved information sharing between business and government. Several impediments have held public-private information sharing back for the past decade. To ensure the success of meaningful public-private information sharing, we support legislation to create the requisite legal and privacy protections. Specifically, we recommend that:
- Congress enact appropriate legal and privacy protections; and
- Federal agencies commit to share information, including classified information, in real time.
Private Sector Commitment
Our nation's attention to cybersecurity risks has reached a new level, reflecting the rising threats to America's national and economic security. CEOs have long given these threats the serious attention they warrant, but need effective tools to get the job done. We are committed to doing our part within the private sector to strengthen cybersecurity, including:
- Instituting programs that bring threat information into corporate risk management;
- Taking action on significant cybersecurity risks, and
- Communicating these risks and responses to boards of directors responsible for overseeing cybersecurity risks to corporations.