On Thursday, the U.S. Senate failed to pass a motion to end debate on the Cybersecurity Act of 2012 by a vote of 52-46. Sponsors were unable to muster the 60 votes required to move forward with the legislation, following heavy lobbying against the bill by the U.S. Chamber of Commerce, the financial industry, and other interested constituencies, and despite an aggressive, coordinated push from the White House. The vote was principally along party lines, with several notable exceptions. The press of election season and impending adjournment in September likely means the bill will not be taken up again until after the November elections.
From a financial, reputational, and national security standpoint, the mandate for critical infrastructure and other companies handling personal data remains the same. Companies need a top-down, forward-leaning, integrated, cross-border, robust information security strategy, which is implemented across corporate departments (not isolated in technology or legal), and reflects active engagement with third parties who connect to corporate networks and handle corporate data.