Cyber Statecraft Initiative Director Jason Healey writes for US News and World Report on why Warren Buffet may be the key to increasing support for the government’s cybersecurity efforts:
American companies are ignoring critical cyber-risks, so the White House is looking to persuade as many as possible to accept its Cybersecurity Framework, the biggest government cybersecurity effort in years, perhaps decades.
While some companies are signing up, many others are reticent to adopt this risk management plan, worried over high costs and complexity. To persuade them, the White House, the National Institute of Standards and Technology, the Department of Homeland Security and other agencies, have kicked around ideas – from regulation (not currently on the table) to public recognition, liability limitations or perhaps lower insurance rates for compliant companies. In launching the new framework, government cyberofficials are repeating the protracted, painful process they have used since the 1990s: going company to company to meet the managers who seem closest to the problem – network administrators or chief information security officers. Less often, they have pursued CEOs, and very rarely, board directors.
There is a simpler way – the road to Omaha.
The government’s cybersecurity effort should recall that unseen risks in a company affect (and may alarm) shareholders most of all. Since the administration believes companies are ignoring critical risks, the White House should therefore convince these investors by starting with the most famous one of all, Warren Buffett.