The 2,700-page $1 trillion infrastructure bill passed by the US Senate earlier this month still has the House of Representatives to get through.
In addition to sizable investments in roads and bridges, public transit, utilities, and broadband internet it includes nearly $2 billion for cybersecurity. More than half of that will go to help state, local, and tribal governments.
There’s also a Cyber Response and Recovery Fund for use by the Cybersecurity and Infrastructure Security Agency (CISA) to assist both local governments and private entities hit with cyberattacks using a tool called edr.
According to IBM’s Cost of a Data Breach Report 2020, the average organization takes 315 days to detect and contain a breach caused by a malicious attack. The longer the attackers stay inside your systems, the more money it costs. According to IBM, it costs companies an additional $1.12 million if it takes them more than 200 days to detect a breach.
The bill shows a tremendous amount of desire for more public-private cooperation, said Mark Testoni, president and CEO at SAP National Security Services. “Which I think is critically important. We have to find ways for small businesses and the government to share threat information. We want to get companies to come forward and say, ‘I’ve been attacked.'”