• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it

2

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI

3

China’s birth rate just hit its lowest point since 1949—and Trip.com cofounder James Liang thinks that’s a threat to innovation

1

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it

2

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI

3

China’s birth rate just hit its lowest point since 1949—and Trip.com cofounder James Liang thinks that’s a threat to innovation
Commentarycyber

The cybersecurity law that’s quietly keeping America safe is about to expire

By
Cynthia Kaiser
Cynthia Kaiser
Down Arrow Button Icon
By
Cynthia Kaiser
Cynthia Kaiser
Down Arrow Button Icon
August 17, 2025, 9:00 AM ET
Hands on keyboard
Cybersecurity is under threat.Getty Images
Add Fortune on Google for similar content.

The clock is ticking toward September 30, 2025, when one of America’s most vital cybersecurity protections will expire unless Congress acts. The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has quietly become the backbone of our nation’s cyber defense. Without creating any additional regulations, it enabled the rapid sharing of threat intelligence between government and businesses that has prevented countless cyber attacks over the past decade. The Act’s protections have facilitated threat warnings to thousands of organizations just this year.  Its potential sunset threatens to unleash a wave of cyberattacks that will devastate the small and medium-sized businesses (SMBs) that form a foundational part of our economy.

Recommended Video

As someone who has worked on both sides—first leading public-private partnerships at the FBI and now facilitating industry collaboration—I’ve witnessed firsthand how CISA 2015 transformed our cybersecurity landscape. The law provides crucial liability protections that encourage companies to share threat indicators with the government and each other, while offering antitrust protection for industry-to-industry collaboration. Without these safeguards, the robust information sharing that has made American networks more secure simply stops.

The SMB Crisis Waiting to Happen

The consequences of letting CISA 2015 lapse will fall most heavily on America’s small and medium-sized businesses. Recent data from NetDiligence’s 2024 Cyber Claims Study shows that ransomware cost SMBs an average of $432,000 per attack. These businesses don’t have the cash reserves to weather extended downtime. At most, many can only survive three to four weeks of operational disruption before facing permanent closure.

According to industry analysis, small and medium enterprises represent 98% of cyber insurance claims while accounting for $1.9 billion in total losses, underscoring their vulnerability in today’s threat landscape. CISA 2015’s expiration will significantly weaken the early warning system that has helped businesses stay ahead of emerging threats. Without the government’s ability to share robust intelligence about new attack methods, SMBs become sitting ducks for cybercriminals who specifically target organizations that can’t afford to lose days or weeks.

Healthcare: Where Cybersecurity Becomes Life and Death

The stakes become particularly dire in healthcare, where ransomware attacks don’t just threaten profits—they threaten lives. The University of Minnesota School of Public Health’s experts estimate that ransomware attacks killed 42 to 67 Medicare patients between 2016 and 2021. These numbers represent a horrifying trend: threat actors deliberately target hospitals because they know healthcare systems will pay quickly to avoid putting patients at risk.

If information sharing degrades after CISA 2015’s sunset, hospitals–and all other critical infrastructure–very likely will lose crucial early warnings about ransomware variants and other attack methods. When a hospital’s systems are threatened, rapid information sharing matters. Minutes count in medical emergencies, and delays can be fatal.

Economic Ripple Effects 

The economic impact extends far beyond individual companies. SMBs make up the vast majority of (99%) businesses in the U.S., and employ nearly half of the private sector’s workforce. According to  the U.S. Chamber of Commerce, they’re responsible for 43.5% of our GDP, so their widespread failure would create devastating ripple effects throughout the economy. 

More concerning, America’s technological leadership depends on the robust threat intelligence sharing that CISA 2015 enables. Our cybersecurity companies lead the world precisely because they have access to comprehensive threat data that helps them develop superior products and services.

Other countries modeled its cybersecurity information sharing after our system, recognizing that America’s approach gives us a competitive advantage. If we allow this framework to collapse, we’re not just making individual businesses more vulnerable—we’re undermining the foundation of American cybersecurity leadership that other nations seek to emulate.

The Path Forward: Clean Reauthorization Now

There’s bipartisan agreement that CISA 2015 should be reauthorized, with experts from across the political spectrum recognizing its vital importance. DHS Secretary Kristi Noem has urgently called for reauthorization, emphasizing that public-private partnerships have grown stronger because of the information-sharing guidelines established in CISA 2015.

The cleanest path forward is a straightforward reauthorization while Congress works through any technical improvements. The core framework has proven its worth over a decade of operation, facilitating billions of dollars in prevented losses and creating a culture where information sharing is the default rather than the exception.

Beyond Politics: A National Security Imperative

In an era of political division, cybersecurity remains one of the few areas where Americans across the political spectrum can find common ground. We need to defend against constant attacks coming from the likes of Chinese actors using ransomware during SharePoint vulnerabilities to Iranian groups deploying ransomware as a political weapon to hundreds of criminal ransomware groups operating at any given time.

The solution isn’t more regulation or government overreach. It’s the collaborative approach that CISA 2015 has fostered. As I used to tell businesses when I was  at the FBI: we can’t help you if we don’t hear from others, and we can’t help others if we don’t hear from you. This principle of mutual aid and shared defense has made America stronger, and we cannot afford to abandon it now.

Congress must act before September 30. If we allow our cybersecurity information sharing framework to collapse it will devastate small businesses, endanger the sick, and undermine America’s position as the global leader in cybersecurity. The time for action is now, before the attacks that could have been prevented become the disasters we failed to stop.

The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.

About the Author
By Cynthia Kaiser
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Commentary

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Cynthia Kaiser is SVP of Halcyon’s Ransomware Research Center. She was formerly Deputy Director of the FBI’s cyber division.


Latest in Commentary

heat
Commentaryclimate change
McKinsey Global Institute: Climate planning has prioritized floods. Heat demands equal attention
By Sylvain Johansson, Mekala Krishnan, Kanmani Chockalingam and Annabel FarrJuly 7, 2026
21 hours ago
j
CommentaryEducation
AI didn’t break higher education—It exposed the credential trap
By Jason BenedictJuly 7, 2026
22 hours ago
e
CommentaryEntrepreneurship
I skipped college and founded a company at 18. Several exits later, this is what I learned
By Eric FranciaJuly 7, 2026
24 hours ago
mw
Commentaryregulation
Virtual Assets Regulatory Authority CEO: Finance’s AI future moves at the speed of its slowest regulator
By Matthew WhiteJuly 7, 2026
1 day ago
t
CommentaryParenting
Babylist CEO: The Trump Accounts gold rush is overlooking moms
By Natalie GordonJuly 6, 2026
2 days ago
e
CommentaryCorporate Governance
SpaceX’s supervoting shares put a decades-old governance debate back in play
By Jeffrey Sonnenfeld and Steven TianJuly 6, 2026
2 days ago

Most Popular

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
Success
Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
By Preston ForeJuly 6, 2026
2 days ago
Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
AI
Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
By Marco Quiroz-GutierrezJuly 5, 2026
3 days ago
China’s birth rate just hit its lowest point since 1949—and Trip.com cofounder James Liang thinks that’s a threat to innovation
Asia
China’s birth rate just hit its lowest point since 1949—and Trip.com cofounder James Liang thinks that’s a threat to innovation
By Nicholas GordonJuly 7, 2026
1 day ago
Current price of oil as of July 7, 2026
Personal Finance
Current price of oil as of July 7, 2026
By Joseph HostetlerJuly 7, 2026
19 hours ago
Despite a $220 million net worth, Rafael Nadal says he won't retire because he hates waking up to no plans—so he's opened a chain of hotels instead
Success
Despite a $220 million net worth, Rafael Nadal says he won't retire because he hates waking up to no plans—so he's opened a chain of hotels instead
By Orianna Rosa RoyleJuly 7, 2026
1 day ago
Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living
Success
Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living
By Preston ForeJuly 4, 2026
4 days ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.