CISA 2015 Expiration Leaves US Businesses Vulnerable to Lawsuits, Weakens National Cyber Defenses
The Cybersecurity Information Sharing Act (CISA 2015) has expired, leaving US businesses vulnerable to lawsuits and potentially weakening national cybersecurity defenses. The lapse, a result of a government funding standoff, has raised concerns among cybersecurity professionals and industry leaders.
CISA 2015, which expired on September 30, 2025, provided legal protections for businesses sharing cyber threat data through the Automated Indicator Sharing Program (AIS). Its expiration has put this critical cybersecurity information sharing at risk, according to Saša Zdjelar, Chief Trust Officer of ReversingLabs. Andy Lunsford, CEO of BreachRx, described the situation as 'a crisis in the making', warning that some companies may halt data sharing without legal protections, creating 'dangerous blind spots' in cyber defense.
Representative Mike Gallagher had introduced a bill to extend CISA 2015, but the US Congress failed to vote on it before the deadline. The expiration is a result of a government funding standoff and a failure to reach an agreement between lawmakers, a 'textbook case of political dysfunction creating real vulnerabilities', as described by Zdjelar.
With CISA 2015 expired, companies are exposed to potential lawsuits and the nation's cybersecurity is at risk. Cybersecurity professionals and industry leaders urge lawmakers to swiftly address the issue and reinstate legal protections for threat data sharing.
Read also:
- Trump and Xi speak over the phone, according to China's confirmation.
- NVIDIA introduces Blackwell to the cloud and unveils the significant enhancement of GeForce Now at Gamescom 2025, marking a major step in cloud gaming technology.
- Strategies for Adhering to KYC/AML Regulations in India, a Leading Fintech Center (2024)
- Strategies for Poland, Ukraine, and NATO to combat unmanned Russian aerial threats.
