Cybersecurity and data privacy presented some of the most complex legal questions and business risks that multinational companies faced in 2018. Businesses should expect continued growth in cyber and data privacy challenges in 2019.
Cyber attacks became even more sophisticated and severe in 2018, with incidents ranging from exfiltration and extortion schemes, to attacks on critical infrastructure, threats to connected products, and vast data breaches. Even technically simple (but often highly costly) business email compromise attacks spiked in 2018, underscoring the continuing importance of implementing defensive best practices. The data privacy landscape also continued to grow more complex, as the General Data Protection Regulation (“GDPR”) went into force in the European Union (“EU”)—and affected business practices around the globe. Other jurisdictions are already following suit, passing similar laws that will require significant compliance efforts.
2019 is poised to continue this trend of increasing complexity—and consequences—for cybersecurity and data privacy challenges. The adoption and new use cases for disruptive technologies—whether autonomous vehicles, artificial intelligence, connected products or much more—will help drive the evolution of the cybersecurity and data privacy legal landscape, along with the introduction of new regulatory regimes, expanding litigation risk and scrutiny from policy makers across jurisdictions.
The stakes are high. A report issued by the White House Council of Economic Advisers in 2018 estimated that malicious cyber activity cost the US economy between $57 billion and $109 billion in 2016 alone. For individual companies, the effects can be devastating. Cyber incidents have led to the departure of companies’ most senior executives, disrupted mergers and acquisitions, and caused massive financial and reputational costs. Data privacy compliance issues have resulted in both substantial legal penalties and loss of the consumer trust on which companies depend.
Against this background, key cybersecurity and data privacy issues for multinational companies in 2019 will include:
- Managing Cyber Incidents Across Borders
- Continued Regulatory Pressure on Cybersecurity and Data Privacy
- Expanding Cybersecurity and Data Privacy Litigation
- Increasing Adoption of Comprehensive Data Privacy Regimes
- Focus on Data Privacy and Cybersecurity Policy