The Top 5 Cyber Issues for 2022
Amid a sharp rise in ransomware attacks over the past year, cyber gained prominence as a top business risk and national security concern – and 2022 is shaping up to be the year of cybersecurity standards and compliance. In our January issue of the Privacy In Focus newsletter, special counsel Lyn Brown, who recently joined Wiley from the FBI, outlines the Top Five Cyber Issues to watch for in 2022:
- The Race to Require Cyber Incident Reporting. Despite numerous attempts to pass mandatory cyber incident reporting, Congress came up short at the end of the year. Look for the U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) to press for mandatory cyber incident reporting to the FBI – frequently with private sector support – as Congress takes up this important issue in 2022.
- The Rush to Regulate Cyber Standards and Punish Cybersecurity Deficiencies. Look for the government to expand regulatory obligations, oversight, and accountability in 2022 for private sector entities at risk from cyberattacks, particularly those in critical infrastructure.
- FBI Shifts Focus to Victim Assistance and Asset Recovery. With “double extortion” emerging as a leading tactic for cybercriminals, the government in 2022 will seek to combat ransomware attacks by depriving the bad actors of monetary gains. The FBI, in particular, will likely focus less on traditional indictments and more on asset recovery and incident response.
- A Federal Standard of Cybersecurity Care. In 2022, the government will continue to send signals to the private sector about what the government considers to be the relevant standard of care for cybersecurity, building upon the Cybersecurity and Information Security Agency (CISA) “Common Baseline” for improving cybersecurity for critical infrastructure and its Cybersecurity Incident Response and Vulnerability Playbooks.
- Prioritizing Cybersecurity. Businesses need to prioritize cybersecurity in 2022 to protect against malicious threats to their operations, data, and revenue streams. Companies can look to federal contracting standards, NIST publications, and now the CISA Playbooks and “Common Baseline” for guidance. This year will also bring increased regulatory requirements to incentivize good cybersecurity and more enforcement actions to penalize what the government perceives to be deficient cybersecurity.
For additional analysis of what to watch for in 2022, read Lyn Brown’s Privacy In Focus article, “2022 Cyber Watch List: A look at 2021 and What’s to Come in the Year Ahead.”