5 Essential Cybersecurity Regulations

January 16, 2020 • Shannon Flynn


As users share increasing amounts of their data online,
cybersecurity becomes more of a concern. Not only is individual internet usage
going up, but an increasing number of businesses are operating online. With all
this information out there on the web, it’s no wonder cybersecurity regulations
are a growing topic of conversation.

But what are these guidelines? And how necessary are they?

Do We Need Cybersecurity?

Cybersecurity is what it sounds like: processes we undergo to make our cyberspace secure. It includes everything from practicing safe internet habits to legislation that mandates online security protocols. Just as we use security measures to protect our physical homes and businesses, we can use cybersecurity to protect our data, networks, and devices. But do we need to?

Yes, we need cybersecurity. Annual data breaches in the U.S. have gone up from just
157 in 2005 to 1,244 in 2018. People and businesses store and share valuable
data like bank information and medical records online, presenting an
irresistible target for hackers. So what cybersecurity regulations are in place
to help keep this information safe?

Information Sharing Act 

The Cybersecurity Information Sharing Act, enacted in
2015, allows technology companies to share information with the government
to respond to potential threats sooner. The act aims to protect data by keeping
the government informed about potential risks and enabling them to act sooner
should a threat appear.

Homeland Security Act

Though not entirely focused on cybersecurity, the Homeland
Security Act does include regulations relating to internet safety. For example,
it requires government agencies to implement and maintain cybersecurity
policies. Some people doubt the effectiveness of this act, as it
applies mainly to the government, and not to internet companies.

California Consumer Privacy Act

The California Consumer Privacy Act, or CCPA, is a recently
passed state law geared toward the rights of consumers. It grants users in
California the right to know who can access their information and
how they can use it. While it’s not a nationwide regulation, this represents a
trend toward improving the protection of individuals’ data. 

Unlike other laws, the CCPA hopes to give users the option
to protect themselves instead of leaving that task to security forces. Under
it, consumers can choose to stop companies from selling their data to third

New York Cybersecurity Regulation

Another state, New York, has implemented state-specific
cybersecurity regulations to improve security in the financial sector. The
statute requires financial institutions to design and implement cybersecurity
measures. To ensure compliance, it also requires these entities to annually submit documentation of the protocols
they have put in place.

General Data Protection Regulation

Despite these two laws, the U.S. doesn’t have any regulations that apply to all
across all sectors. All requirements are only applicable
either to specific states or specific industries. The European Union differs in
that it has a broad set of policies called the General Data Protection
Regulation, or GDPR.

The GDPR affects all countries within the EU and any
foreign companies that conduct business with European citizens. These
regulations are not only broad but strict, carrying fines of up to €20 million, or 4%
of the global annual revenue.

Moving Forward

With internet safety being such a prevalent issue, we will likely see more cybersecurity regulations put in place. An increasing number of states are introducing legislation to address cybersecurity issues and resolutions. It may not be long until the U.S. enacts national policies.

Cybersecurity is a growing threat, and it deserves not only attention but action. If authorities, corporations and citizens alike work together, a safer internet may not be an unrealistic goal.