Former FBI Cyber Leader: The Cybersecurity Law That Quietly Protects America Is About to Expire

The clock is ticking toward September 30, 2025, when one of America's most vital cybersecurity protections will expire unless Congress acts. The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has quietly become the backbone of our country's cyber defense. Without creating additional regulations, it has enabled the rapid sharing of threat intelligence between the government and companies, which has prevented countless cyberattacks over the past decade. The law's protections have helped thousands of organizations this year. Its potential sunset threatens to unleash a wave of cyberattacks that will devastate the small and medium-sized enterprises (SMEs) that form a fundamental part of our economy.
As someone who has worked on both sides – first leading public-private partnerships at the FBI and now facilitating industry collaboration – I have seen firsthand how CISA 2015 transformed our cybersecurity landscape. The law provides crucial liability protections that encourage companies to share threat indicators with the government and with each other, while providing antitrust protection for industry collaboration. Without these guarantees, the robust information sharing that has made American networks more secure simply stops.
The SMB crisis waiting to happen
The consequences of letting CISA 2015 lapse will fall hardest on America's small and medium-sized enterprises. Recent data from the NetDiligence 2024 Cyber Claims Study show that ransomware cost $432,000 per attack on average. These companies do not have the cash reserves to weather prolonged downtime. At most, many can survive only three to four weeks of operational disruption before facing permanent closure.
According to industry analysis, small and medium-sized enterprises represent 98% of cyber insurance claims, accounting for $1.9 billion in total losses, which highlights their vulnerability in today's threat landscape. The expiration of CISA 2015 will considerably weaken the early warning system that has helped companies stay ahead of emerging threats. Without the government's ability to share robust information on new attack methods, SMEs become sitting ducks for cybercriminals who specifically target organizations that cannot afford to lose days or weeks.
Healthcare: where cybersecurity becomes life and death
The stakes become particularly dire in health care, where ransomware attacks do not only threaten profits – they threaten lives. Experts from the University of Minnesota School of Public Health estimate that ransomware attacks killed 42 to 67 patients between 2016 and 2021. These figures represent a horrifying trend: threat actors deliberately target hospitals because they know that health systems will pay quickly to avoid putting patients in danger.
If information sharing degrades after CISA 2015 sunsets, hospitals – and all other critical infrastructure – will probably lose crucial warnings about ransomware variants and other attack methods. When hospital systems are threatened, rapid information sharing matters. Minutes count in medical emergencies, and delays can be deadly.
Economic ripple effects
The economic impact extends far beyond individual businesses. SMEs make up the vast majority of companies (99%) in the United States and employ almost half of the private sector workforce. According to the U.S. Chamber of Commerce, they are responsible for 43.5% of our GDP, so their widespread failure would create devastating ripple effects throughout the economy.
More worrying, American technological leadership depends on the robust threat information sharing that CISA 2015 enables. Our cybersecurity companies lead the world precisely because they have access to comprehensive threat information that helps them develop superior products and services.
Other countries have modeled their cybersecurity information sharing on our system, recognizing that America's approach gives us a competitive advantage. If we allow this framework to collapse, we do not only make individual companies more vulnerable – we undermine the foundations of the American cybersecurity leadership that other nations seek to imitate.
The path forward: clean reauthorization now
There is bipartisan agreement that CISA 2015 should be reauthorized, with experts from across the political spectrum recognizing its vital importance. DHS Secretary Kristi Noem has urgently called for reauthorization, stressing that public-private partnerships have become stronger because of the information guidelines established in CISA 2015.
The cleanest path forward is a simple reauthorization while Congress works through any technical improvements. The central framework has proven its value over a decade of operation, helping to prevent billions of dollars in losses and creating a culture where information sharing is the default rather than the exception.
Beyond politics: a national security imperative
At a time of political division, cybersecurity remains one of the few areas where Americans across the political spectrum can find common ground. We have to defend ourselves against constant attacks, from Chinese actors using ransomware via SharePoint vulnerabilities, to Iranian groups deploying ransomware as a political weapon, to the hundreds of criminal ransomware groups operating at any given time.
The solution is not more regulation or government overreach. It is the collaborative approach that CISA 2015 fostered. As I said to companies when I was at the FBI: we cannot help you if we don't hear from others, and we cannot help others if we don't hear from you. This principle of mutual assistance and shared defense has made America stronger, and we cannot afford to abandon it now.
Congress must act before September 30. If we allow our framework for sharing cybersecurity information to collapse, it will devastate small businesses, endanger patients and undermine America's position as the world leader in cybersecurity. The time to act is now, before attacks that could have been prevented become the disasters we failed to stop.
The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.