Cybersecurity
Article

New Cybersecurity Regulations Are Coming. Here’s How to Prepare.

by
Harvard Business Review
October 3, 2022
Download PDF
Get Unlimited Access

You are puchasing a Digital Access Subscription. You will be automatically charged $9.99 every 28 days for one year. Your subscription will continue until you cancel. By subscribing, you are accepting the Automation Alley Terms of Service, Privacy Policy, and Terms of Sale.

SubscribeBecome a Member

Summary

New cybersecurity regulations and enforcement are coming at both the state and federal level in the U.S. and around the world. But companies don't need to wait for these rules to be implemented in order to prepare. Rather, they need to be working now to understand the kinds of regulations that are presently being considered, ascertain the uncertainties and potential impacts, and prepare to act.

Cybersecurity has reached a tipping point. After decades of private-sector organizations more or less being left to deal with cyber incidents on their own, the scale and impact of cyberattacks means that the fallout from these incidents can ripple across societies and borders.

Now, governments feel a need to “do something,” and many are considering new laws and regulations. Yet lawmakers often struggle to regulate technology — they respond to political urgency, and most don’t have a firm grasp on the technology they’re aiming to control. The consequences, impacts, and uncertainties on companies are often not realized until afterward.

In the United States, a whole suite of new regulations and enforcement are in the offing: the Federal Trade Commission, Food and Drug Administration, Department of Transportation, Department of Energy, and Cybersecurity and Infrastructure Security Agency are all working on new rules. In addition, in 2021 alone, 36 states enacted new cybersecurity legislation. Globally, there are many initiatives such as China and Russia’s data localization requirements, India’s CERT-In incident reporting requirements, and the EU’s GDPR and its incident reporting.

Harvard Business Review
Harvard Business Review

Harvard Business Publishing (HBP) was founded in 1994 as a not-for-profit, wholly-owned subsidiary of Harvard University, reporting into Harvard Business School. Our mission is to improve the practice of management in a changing world. This mission influences how we approach what we do here and what we believe is important.

Related
Become a Member