Feb 16 – Despite a series of newly developed federal and state policies, and individual corporate efforts, U.S. networks and critical infrastructure systems require significant additional cyber security advances and investments in order to thwart the most menacing of modern cyber adversaries.
It’s well-known that tax credits and penalties can motivate businesses to reshape and revise cyber security practices. Experts are now considering the role that tax incentives and penalties play in moving security initiatives forward, particularly within the U.S.
Taxes and cyber security
If nothing is certain besides death and taxes, tying cyber security to tax incentives and penalties might just increase certainty around cyber security – maybe.
A new 98-page study that’s due for publication in the American Business Law Journal, proposes a three-tier Federal Cybersecurity Investment Tax (FCIT) credit in order to encourage enterprises to implement essential cyber security practices.
How FCIT would work
According to the proposal, the first tax-credit tier would encourage enterprises to implement fundamental cyber security controls. By this point, you might think that all enterprises have adopted techniques like multi-factor authentication or SSO, but the reality might surprise you.
Experts posit that if the U.S. had offered a tax credit for the adoption of two-factor authentication years ago, the country may have been able to prevent certain large-scale cyber attacks, millions of dollars in data breach damages, and quite a bit of personal identity theft.
For businesses that have already implemented basic cyber security protocols, a second-tier tax credit would be available for implementation of advanced cyber security practices.
A third credit tier would reward organizations for extending cyber security education, opportunities, and solutions to other businesses. The credit would reward organizations for ‘good corporate citizenship.’
Because tax policy must acknowledge the fact that businesses are inter-dependent upon one another and that the business supply chain in any industry is highly complex, policy makers may wish to adopt a means of penalizing businesses that fail to make adequate efforts when it comes to cyber security preparedness.
While a structured tax policy will not resolve all security issues, it could break the regulatory logjam.
Get the full story from The Wall Street Journal. Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.