The cybersecurity and data privacy landscape continues to change, creating significant new risks for businesses across economic sectors. New types of litigation are emerging, new regulatory regimes are entering into force, and new laws promise yet further compliance challenges in the future. At the same time, a wide range of threat actors are launching more complex and more consequential attacks against multinational businesses, further raising the stakes.
The complex and changing cybersecurity and data privacy landscape puts pressure on companies to be flexible and agile, and rewards businesses that can anticipate emerging trends. We discuss some of these important challenges in our new practical guide, Cybersecurity and Data Privacy: Navigating a Constantly Changing Landscape. While not intended to be comprehensive, this guide highlights developments and priorities for businesses on a range of key topics, from the compliance challenges posed by new regimes such as the EU General Data Protection Regulation and the New York’s financial services regulations, to growing expectations for due diligence in mergers and acquisitions, to evolving threats that demand thorough response playbooks. Across these issues, three themes emerge.
- First, regulatory requirements—and corresponding compliance burdens—are continuing to expand globally, both with respect to generally applicable requirements and sector-specific rules. The capacity to handle changing compliance obligations is itself now a key part of effective cybersecurity and data privacy governance.
- Second, cybersecurity and data privacy challenges are growing increasingly prominent in a wider variety of contexts than ever before. These issues are increasingly important, for example, in public company reporting, mergers and acquisitions, and product development.
- Third, changes in the threats companies face are driving corresponding changes in legal risks. Litigation risk, for example, goes well beyond traditional data breaches and challenges to online collection of data. Likewise, the sheer diversity of risks is making incident response preparation even harder, making it ever more valuable to develop appropriate internal tools.
We discuss these and other themes in this handbook and hope that these discussions are relevant to the specific cybersecurity and data privacy issues your business faces. We have greatly appreciated the positive response to our prior handbooks—Staying Ahead of the Curve: Cybersecurity and Data Privacy—Hot Topics for Global Businesses (2017), Cybersecurity Regulation: Governing Frameworks and Emerging Trends (2016), and Preparing For and Responding To a Computer Security Incident: Making the First 72 Hours Count (2015).
Rajesh De and Stephen Lilley share highlights from our most recent guide, Cybersecurity and Data Privacy: Navigating a Constantly Changing Landscape.
Marcus Christian shares highlights from our most recent guide, Cybersecurity and Data Privacy: Navigating a Constantly Changing Landscape, discussing key topics from the chapter State Cyber and Privacy Law: Sweeping Change and Gradual Evolution.
Laura Richman discusses when and what to disclose about cyber risks and incidents to the SEC, highlighting key topics from the chapter Disclosing Cyber Risks and Incidents: SEC Guidance and Enforcement.
Jeffrey Taft and Lawrence Hamilton discuss the NYDFS cybersecurity regulations highlighting key topics from the chapter NYDFS Cybersecurity Regulations One Year In.