Tax Breaks for Good Security
Congress is talking—it’s just talking, but at least it’s talking—about giving tax breaks to companies with good cybersecurity.
The devil is in the details, and this could be a meaningless handout, but the idea is sound. Rational companies are going to protect their assets only up to their value to that company. The problem is that many of the security risks to digital assets are not risks to the company who owns them. This is an externality. So if we all need a company to protect its digital assets to some higher level, then we need to pay for that extra protection. (At least we do in a capitalist society.) We can pay through regulation or liabilities, which translates to higher prices for whatever the company does. We can pay through directly funding that extra security, either by writing a check or reducing taxes. But we can’t expect a company to spend the extra money out of the goodness of its heart.
Stephen • October 13, 2005 8:59 AM
“we can’t expect a company to spend the extra money out of the goodness of its heart.”
Of course not, but that’s what laws and regulations are for; to force them to do what they would not otherwise. If lax security is hurting the nation as a whole, Congress would be in the right to force businesses to conform to higher standards without having to compensate them for doing so. Are companies getting handouts to conform with the Sarbanes-Oxley Act?