Second, companies then need to adopt measures that address those supply chain vulnerabilities. As part of this step, they should take advantage of the strategy’s promise for public-private collaboration in the form of information-sharing, as well as practical guidance and support on how to navigate the cyber threat environment.
Third, companies need to recognize that one size will not fit all when it comes to cybersecurity. An important subtext of the strategy is its focus on establishing more aggressive regulatory standards on larger business, critical infrastructure, and software providers. The strategy categorically states that “the lack of mandatory requirements has resulted in inadequate and inconsistent outcomes” and that it will push for legislation to hold these firms “liable when they fail to live up to the duty of care they owe consumers, businesses, or critical infrastructure providers.
🧐