Download This PaperStrategies for Boosting Cybersecurity
58 Pages Posted: 21 Jun 2022
Date Written: June 1, 2022
Abstract
By many accounts, the worst year on record for data and system breaches was 2020; however, across numerous metrics such dubious distinction was topped in 2021. The growing epidemic of ransomware and other cyber-enabled incidents and attacks is causing policymakers and business leaders to consider how to both reward “reasonable” cybersecurity and disincentivize under-investment in cybersecurity best practices. Such steps are critical amidst a current cybersecurity landscape fraught with regulatory gaps, opaque self-regulation, and resource constraints, especially among small and medium sized businesses.
Bold and coordinated actions are needed to dislodge the unsustainable trend of increasingly damaging cyber attacks and to create a more holistically secure digital future. To meet such need, this Article proposes breaking the mandate-versus-self-regulation dichotomy by leveraging a tailored sticks and carrots tax approach to spur more universal investment in secure systems. The proposal includes a Federal Cybersecurity Investment Tax Credit, tailored and mapped to select entity types, combined with a tax on cyberinsecurity. The proposed incentive structure promotes the principle that businesses have basic cybersecurity responsibilities and fundamental duties to operate securely in a digital society. In addition, this Article introduces supplementary tools as part of an enhanced cybersecurity tax policy toolkit. Given the pressing national and global cyber risks, this Article jumpstarts a long-needed conversation about the operative use of tax policy to promote good governance and effective cybersecurity risk management.
Keywords: Cybersecurity, tax, risk management, cyberattack
Suggested Citation: Suggested Citation
Scott J. Shackelford
Indiana University - Kelley School of Business - Department of Business Law ( email )
Bloomington, IN 47405
United States
