
Jan 27, 2025 | Press Releases

Nunn Introduces Bipartisan Bill to Combat Ransomware Attacks on Financial Institutions

DES MOINES — U.S. Representative Zach Nunn (IA-03) today introduced bipartisan legislation to require coordination between federal agencies and private companies to prevent ransomware attacks. The Public and Private Sector Ransomware Response Coordination Act, co-led by U.S. Representative Josh Gottheimer (NJ-05), will establish private-public partnerships to avert and recover from the rapid increase in ransomware attacks on U.S. financial institutions.

“When I worked on the White House’s National Security Council, I witnessed the fundamental need to prioritize cybersecurity. Bad actors continue to attack the United States’ critical infrastructure, costing companies not only time and money but also leaving a bad taste in the mouth of consumers,” said Rep. Nunn. “In order to address the evolving threat landscape, we must ensure critical infrastructure has the tools necessary to combat ransomware attacks and stay ahead of emerging threats.”

The United States has experienced a rapid increase in ransomware attacks because of the large financial payout and the relatively low risk and cost for the attacker. On average, a ransomware attack costs a company more than $5 million. From 2023 to 2024, the U.S. Director of National Intelligence noted that the frequency of global ransomware attacks increased by 67%. In 2023 alone, ransomware payments surpassed $1 billion. Preventing ransomware attacks requires a proactive, multi-layered approach to cybersecurity that combines technology, processes, and employee awareness.

“Ransomware attacks are incredibly costly — and increasingly common. These attacks pose a serious threat to both our national security and economy, and we must be prepared with a coordinated approach to prevent and effectively respond when they happen,” said Rep. Gottheimer. “That’s why I’m introducing the Public and Private Sector Ransomware Response Coordination Act with Congressman Zach Nunn. Our bipartisan legislation will bring government and industry experts together to develop a game plan that can reduce these attacks.”

In January of 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) again emphasized the risks associated with evolving ransomware threats intended to disrupt critical infrastructure. CISA and the FBI urged public and private entities to implement cybersecurity defenses, conduct regular system backups, and enhance incident response plans.

The Public and Private Sector Ransomware Response Coordination Act will bolster national cybersecurity by improving threat detection, information sharing, response, and threat suppression of ransomware incidents. The bill will require the Secretary of the Treasury to submit a plan to Congress to improve U.S. response to ransomware attacks on financial institutions, including:

  • Better coordination between the federal government and the private sector when responding to these attacks
  • Faster response time to large-scale attacks
  • Additional policy proposals to bolster public-private partnerships to combat ransomware

Text of the bill can be found here.

###