A lack of harmonization in cybersecurity regulation harms outcomes while increasing compliance costs through additional administrative burdens, the White House Office of the National Cyber Director said in a new report. The ONCD last year issued a request for information to gather public input about improving cybersecurity policy. The report summarizes the responses from multiple industries, with many respondents citing inconsistent and sometimes duplicative requirements by federal, state and international authorities. Many respondents also noted that compliance spending drew resources from cybersecurity programs, and they provided “numerous suggestions” for the administration and Congress for improving cybersecurity policy.
Financial services sector respondents “broadly supported the need for enhanced cybersecurity regulation to protect critical infrastructure, but also voiced significant concern about the current regulatory environment, citing a lack of alignment among regulatory agencies at the international, federal and state level,” according to the report. Respondents generally agreed that setting national baseline cybersecurity requirements would benefit the sector, with the ONCD pointing to joint American Bankers Association and Bank Policy Institute comments arguing for more regulatory alignment.
“By leveraging established frameworks, regulated entities can prioritize resources and make well-informed security investments,” ABA and BPI said. “Common standards also allow regulators to tailor examinations and generate comparable responses across regulated entities.”