Cybersecurity carrots and sticks
Janine Hiller, Kathryn Kisska-Schulze, Scott Shackelford
American Business Law Journal, 61(1), pages 5-29. Journal Article. Published 2024-01-28.
DOI: 10.1111/ablj.12238
URL: https://onlinelibrary.wiley.com/doi/10.1111/ablj.12238
Citation count: 0
Abstract
In an unsustainable trend, each year is touted as the worst on record for data and system breaches. 2020's dubious top distinction was exceeded across numerous metrics in 2021, and 2022's numbers set another unwanted record. The growing epidemic of ransomware, data breaches, and cyber-enabled attacks pushes policymakers and business leaders to consider what can be done to reverse the cyber-insecurity spiral. Amidst the current cybersecurity landscape fraught with regulatory gaps, dependence on self-regulation, and resource constraints of small- and medium-sized businesses, policymakers should seize opportunities to reward reasonable cybersecurity postures and disincentivize underinvestment in cybersecurity best practices. Bold and coordinated actions are needed to dislodge the unsustainable trend of increasingly damaging cyberattacks, and to create a more holistically secure digital future. To move the needle toward a more robust cybersecurity ecosystem, this article proposes an incentive-based strategy that breaks the mandate-versus-self-regulation dichotomy, leveraging a carrots and sticks tax approach to spur stronger cybersecurity postures across the ecosystem. Such proposal outlines a framework for a Federal Cybersecurity Investment Tax Credit, tailored and mapped to select entity types, combined with a cyberinsecurity tax, thus promoting the principle that businesses have basic cybersecurity responsibilities and fundamental duties to operate securely in a digital society. In addition, this article introduces supplementary tools as part of an enhanced cybersecurity tax policy toolkit. Given pressing national and global cyber risks, this article continues a long-standing conversation about the operative use of tax policy as part of a holistic approach to reaching a secure and sustainable digital future.
About the journal:
The ABLJ is a faculty-edited, double blind peer reviewed journal, continuously published since 1963. Our mission is to publish only top quality law review articles that make a scholarly contribution to all areas of law that impact business theory and practice. We search for those articles that articulate a novel research question and make a meaningful contribution directly relevant to scholars and practitioners of business law. The blind peer review process means legal scholars well-versed in the relevant specialty area have determined selected articles are original, thorough, important, and timely. Faculty editors assure the authors’ contribution to scholarship is evident. We aim to elevate legal scholarship and inform responsible business decisions.