Mar. 10, 2022
I am concerned about the criminalizing companies for being victims of crime. It’s akin to putting the parents of a kidnapped child in jail because they did not report the kidnapping in the time and manner proscribed by the government. In the guise of protecting investors the penalty will pile on expenses to the company that has been attacked so the investor is further hurt, not “protected”. It’s a difficult issue I admit. I’d be more inclined to support a law forbidding ransom payments. The attacks would dry up if they become of no financial benefit. I’d prefer to see penalties against individuals at companies instead of financial penalties against that hurt the stockholders. Put a few managers and executives in jail for 10 days and compliance would be much more robust. Putting financial penalties that rob the shareholders of wealth through no fault of their doing and on top of the expense of the cyber attack just doesn’t seem the best way. It feels like a money making scheme for the regulators. Jeff Wyatt