Ed McNicholas Examines Trends in Cybersecurity Law in Lexology Panoramic Cybersecurity 2024

In The News
February 28, 2024

In an article for Lexology Panoramic Cybersecurity 2024, data, privacy & cybersecurity co-lead Ed McNicholas examines how cybersecurity laws are rapidly evolving in light of the increased exposure to cyberthreats.

“Many countries have pursued a whole-of-government response to cybersecurity risk by pushing forward with aggressive criminal investigations, both domestically and internationally where possible,” said Ed. “In the United States, the approach to cybersecurity regulation and governance is largely sectoral, with different sets of requirements for healthcare, financial services, communications, nuclear, transportation, chemical, defense, energy and other sectors, which can result in siloed approaches to managing cyber risk that vary dramatically by sector.”

The FTC, state attorneys general, and other agencies empowered by specific statutory mandates have set the primary data security requirements for entities that are not in critical infrastructure sectors. The SEC has also adopted rules requiring public companies to disclose information regarding their cybersecurity risk management, strategy, and governance as part of the annual reporting requirements. Ed noted that these various laws “can leave companies unsure of how to interact with government agencies following a cyber incident.”

“We anticipate that cybersecurity will remain a top priority for companies in the years to come as the law continues to fashion new legal requirements that compel the development of further governance of cybersecurity risks,” said Ed.