5 Essential Cybersecurity Regulations

January 16, 2020 • Shannon Flynn


As users share increasing amounts of their data online, cybersecurity becomes more of a concern. Not only is individual internet usage going up, but an increasing number of businesses are operating online. With all this information out there on the web, it’s no wonder cybersecurity regulations are a growing topic of conversation.

But what are these guidelines? And how necessary are they?

Why Do We Need Cybersecurity?

Cybersecurity is what it sounds like: the processes we undertake to make our cyberspace secure. It includes everything from practicing safe internet habits to legislation that mandates online security protocols. Just as we use security measures to protect our physical homes and businesses, we can use cybersecurity to protect our data, networks, and devices. But do we need to?

Yes, we need cybersecurity. Annual data breaches in the U.S. have gone up from just 157 in 2005 to 1,244 in 2018. People and businesses store and share valuable data like bank information and medical records online, presenting an irresistible target for hackers. So what cybersecurity regulations are in place to help keep this information safe?

Cybersecurity Information Sharing Act 

The Cybersecurity Information Sharing Act, enacted in 2015, allows technology companies to share information with the government to respond to potential threats sooner. The act aims to protect data by keeping the government informed about potential risks and enabling it to act sooner should a threat appear.

Homeland Security Act

Though not entirely focused on cybersecurity, the Homeland Security Act does include regulations relating to internet safety. For example, it requires government agencies to implement and maintain cybersecurity policies. Some people doubt the effectiveness of this act, as it applies mainly to the government, and not to internet companies.

California Consumer Privacy Act

The California Consumer Privacy Act, or CCPA, is a recently passed state law geared toward the rights of consumers. It grants users in California the right to know who can access their information and how they can use it. While it’s not a nationwide regulation, this represents a trend toward improving the protection of individuals’ data. 

Unlike other laws, the CCPA hopes to give users the option to protect themselves instead of leaving that task to security forces. Under it, consumers can choose to stop companies from selling their data to third parties.

New York Cybersecurity Regulation

Another state, New York, has implemented state-specific cybersecurity regulations to improve security in the financial sector. The statute requires financial institutions to design and implement cybersecurity measures. To ensure compliance, it also requires these entities to annually submit documentation of the protocols they have put in place.

General Data Protection Regulation

Despite these two laws, the U.S. doesn’t have any regulations that apply to all states across all sectors. Existing requirements apply only to specific states or specific industries. The European Union differs in that it has a broad set of policies called the General Data Protection Regulation, or GDPR.

The GDPR affects all countries within the EU and any foreign companies that conduct business with European citizens. These regulations are not only broad but strict, carrying fines of up to €20 million, or 4% of the global annual revenue.

Moving Forward

With internet safety being such a prevalent issue, we will likely see more cybersecurity regulations put in place. An increasing number of states are introducing legislation to address cybersecurity issues and resolutions. It may not be long until the U.S. enacts national policies.

Cybersecurity is a growing concern, and it deserves not only attention but action. If authorities, corporations and citizens alike work together, a safer internet may not be an unrealistic goal.