The U.S. government released a final version of standards intended to help companies better defend against cyber attacks. The question remains whether the private sector will voluntarily adopt these measures. The standards include broad benchmarks for companies to measure the effectiveness of their cyber defenses.
While knowledge of what to shoot for is good, some companies have said the standards alone do not go far enough to curb the problems associated with cyber attacks. Companies are looking for incentives to adopt these standards such as limiting shareholder suits when security breaches occur.
Most would agree that the standards are a step in the right direction. But a cybersecurity law is needed.