September 09, 2016

National data security standard crucial, NAFCU tells cyber commission

NAFCU's Alexander Monterrubio reiterated the urgent need for a strong national data security standard for retailers and for information sharing in a letter Friday to the President's Commission on Enhancing National Cybersecurity.

Monterrubio, NAFCU's director of regulatory affairs, pointed to NAFCU's ongoing support for the work that NIST and the Presidential Cyber Commission are doing to coordinate public and private efforts to combat cyber threats. To spur the development of the groups' Framework for Improving Critical Infrastructure Cybersecurity, NAFCU is recommending the following:

• lower cybersecurity insurance costs by holding retailers accountable for data security lapses and thereby reducing third-party risk;
• create a federal hub for information sharing and cross-sector communication;
• establish a strong federal standard for retailers through the "Data Security Act" (H.R. 2205) so the cybersecurity burden can be shared across sectors; and
• promote multifactor authentication in the private sector, and make it a requirement for retailers.

"The root cause behind the recent data breaches at Target, Experian and Home Depot has been the failure of retailers to manage third-party risk," Monterrubio wrote. "National standards that hold retailers accountable for poor data security are necessary to promote best practices and protect customers."

Monterrubio also emphasized the need for retailers to disclose data security policies to consumers and to report data breaches within a defined timeframe.

In related news, NAFCU Regulatory Affairs Counsel Andrew Morris will attend the Sept. 19 public meeting of NIST's Commission on Enhancing National Cybersecurity, which will focus on the challenges and opportunities involved in securing the digital economy.