Thank you.
Mr. Shipley, you talked about creating positive reasons for companies to implement a cybersecurity framework and inform the government. The government wants to force companies to do so under threat of monetary penalties.
Last week, a witness told us that tax incentives were needed. I asked him if we should switch things up, that instead of imposing monetary penalties, we should introduce tax incentives. He said no, that it was worth keeping the penalties for companies that didn't comply with the government's demands. Some companies may be concerned that this will create a lot of paperwork. So there's not a lack of willingness on the part of these companies to comply with these requests, but they are concerned about the delays and the costs that setting up such a framework could entail.
I imagine you consulted companies. What did you hear from them? Could a tax incentive be of interest to them?