Alaap B. Shah and Brian G. Cesaratto, Members of the Firm in the Health Care & Life Sciences and Employment, Labor & Workforce Management practices, respectively, co-authored an article in OneTrust DataGuidance, titled “USA: Future of Cybersecurity Law and Regulation.”

Following is an excerpt:

In today's digital economy, nearly every organization, whatever the industry, is reliant on digital infrastructure and internet connectivity. As a result, organizations are constantly vulnerable to cyberattacks such as phishing, fraud, and ransomware, and struggle to achieve adequate levels of cybersecurity preparedness and resiliency in the face of emerging threats. At the same time, many organizations are subject to existing regulatory requirements to safeguard private, health, financial, and other protected information from cyberattacks.  

In the face of these rapidly evolving cybersecurity risks, laws and regulations may seek to anticipate how best to protect the public but often lag behind technology innovations and the evolving threat landscape (e.g., the proliferation of powerful artificial intelligence [AI] applications). Indeed, state and federal regulations mandating cybersecurity safeguards and breach reporting remain, in significant ways, a patchwork of differing and disjointed requirements. Existing laws may lack incentives for robust compliance or for voluntary timely threat information sharing and coordination that leave entities more vulnerable to compromises, including in their supply chain. These trends will continue to shape how regulators approach harmonizing policy moving forward, relative to protecting critical infrastructure, promoting private-public cooperation, and strengthening cybersecurity resiliency and preparedness up and down the supply chain for businesses, as well as the effectiveness of those efforts.
