Alaap B. Shah and Brian G. Cesaratto, Members of the Firm in the Health Care & Life Sciences and Employment, Labor & Workforce Management practices, respectively, co-authored an article in OneTrust DataGuidance, titled “USA: Future of Cybersecurity Law and Regulation.”
Following is an excerpt:
In today's digital economy, nearly every organization, whatever the industry, is reliant on digital infrastructure and internet connectivity. As a result, organizations are constantly vulnerable to cyberattacks such as phishing, fraud, and ransomware, and struggle to achieve adequate levels of cybersecurity preparedness and resiliency in the face of emerging threats. At the same time, many organizations are subject to existing regulatory requirements to safeguard private, health, financial, and other protected information from cyberattacks.
In the face of these rapidly evolving cybersecurity risks, laws and regulations may seek to anticipate how best to protect the public but often lag behind technology innovations and the evolving threat landscape (e.g., the proliferation of powerful artificial intelligence [AI] applications). Indeed, state and federal regulations mandating cybersecurity safeguards and breach reporting remain, in significant ways, a patchwork of differing and disjointed requirements. Existing laws may lack incentives for robust compliance or for voluntary, timely threat information sharing and coordination that leave entities more vulnerable to compromises, including in their supply chain. These trends will continue to shape how regulators approach harmonizing policy moving forward, relative to protecting critical infrastructure, promoting private-public cooperation, and strengthening cybersecurity resiliency and preparedness up and down the supply chain for businesses, as well as the effectiveness of those efforts.