In an article for Lexology Panoramic Cybersecurity 2024, data, privacy & cybersecurity co-lead Ed McNicholas examines how cybersecurity laws are rapidly evolving in light of the increased exposure to cyberthreats.
“Many countries have pursued a whole-of-government response to cybersecurity risk by pushing forward with aggressive criminal investigations, both domestically and internationally where possible,” said Ed. “In the United States, the approach to cybersecurity regulation and governance is largely sectoral, with different sets of requirements for healthcare, financial services, communications, nuclear, transportation, chemical, defense, energy and other sectors, which can result in siloed approaches to managing cyber risk that vary dramatically by sector.”
The FTC, state attorneys general, and other agencies empowered by specific statutory mandates have set the primary data security requirements for entities that are not in critical infrastructure sectors. The SEC has also adopted rules requiring public companies to disclose information regarding their cybersecurity risk management, strategy, and governance as part of the annual reporting requirements. Ed noted that these various laws “can leave companies unsure of how to interact with government agencies following a cyber incident.”
“We anticipate that cybersecurity will remain a top priority for companies in the years to come as the law continues to fashion new legal requirements that compel the development of further governance of cybersecurity risks,” said Ed.