Cybersecurity: A Practical Guide to the Law of Cyber Risk, authored by 20 experts in the field, provides the practical steps that can be taken to help your clients understand and mitigate today’s cyber risk and to build the most resilient response capabilities possible.
The book provides a comprehensive discussion of the complex quilt of federal and state statutes, Executive Orders, regulations, contractual norms, and ambiguous tort duties that can apply to this crucial new area of the law. For example, it describes in detail:
- The leading regulatory role the Federal Trade Commission has played, acting on its authority to regulate “unfair” or “deceptive” trade practices;
- The guidance issued by the SEC interpreting existing disclosure rules to require registrants to disclose cybersecurity risks under certain circumstances;
- The varying roles of other regulators in sector-specific regulation, such as healthcare, energy, and transportation; and
- The impact of preexisting statutes, such as the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act, on current cybersecurity issues.
In addition, the authors have supplemented these more traditional sources of law with industry practices and the most important sources of soft law:
- An explanation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and information sharing environments from a former Department of Homeland Security official;
- The views of the U.S. Secret Service on partnering with federal law enforcement and effective information-sharing;
- The guidance of leading consultants about the appropriate steps to prepare for cybersecurity incidents;
- The perspective of a leading insurance company on the evolving role of insurance in protecting companies from the financial losses associated with a successful cyber breach; and
- The views of one of the most sophisticated incident response organizations on the proper elements of effective incident response.
Throughout, Cybersecurity: A Practical Guide to the Law of Cyber Risk
includes practice tools developed during the hundreds of breaches that the authors have weathered with their clients. These valuable practice aids include checklists, an overview of the legal consequences of a breach, and a tabletop exercise.