A New Cyber Reality: The CISA 2015 Sunset, Critical Infrastructure, and Cyber Insurance
By Dara Gibson Today, the Cybersecurity Information Sharing Act of 2015 (CISA 2015) has officially sunset, leaving a significant gap in the legal landscape that has governed cyber information sharing for a decade. If you are a leader in critical infrastructure, whether in the energy grid, water sector, or financial services, this is a pivotal moment for your organization and your cyber risk posture. As a longtime partner in the InfraGard community, I’ve seen firsthand how public-private collaboration can turn the tide against cyber threats. We’ve relied on that collaboration to understand emerging threats and prepare for the inevitable. Now, without the broad liability protections CISA 2015 provided, that sharing dynamic is fundamentally changed. What does this mean for your organization? 1. A potential chilling effect on threat intelligence sharing CISA 2015 offered companies a "safe harbor," shielding them from civil lawsuits, antitrust actions, and regulatory penal...