Our privacy and cybersecurity colleagues at Morgan Lewis have offered their insights into the shared responsibility of the government and the private sector in adopting effective information security practices and the need for a tailored, flexible approach to cybersecurity regulation. In their Bloomberg Law Privacy and Security Law Report entry, The Government’s Role in Promoting and Leading Effective Cybersecurity, Morgan Lewis partner Mark Krotoski and associate Martin Hirschprung highlight several recent cyberattacks, discuss cooperation efforts between the government and private sectors, provide an overview of the current US regulatory landscape, and identify their recommendations for key factors the government should consider to streamline and reduce the burden of cybersecurity regulations while still promoting effective cybersecurity.
Among other highlights, the piece includes a description of the interdependency of the public and private sectors when it comes to cybersecurity and the resulting alignment in interests and incentives for collaboration with respect to cybersecurity initiatives. However, they note that the US approach to data protection law, which provides a “patchwork” of cybersecurity regulations by industry on a sector-by-sector basis, rather than a centralized, dedicated data protection law (e.g. the EU), has resulted in inconsistent regulators, multiple enforcers, and varying standards. “Rather than promoting compliance,” they write, “it becomes costly and burdensome.”
Mark and Martin posit that the government can better incentivize and promote effective cybersecurity through streamlined regulation designed to provide a consistent approach across sectors, which would have the effect of reducing the regulatory burden on the private sector.
Please take the time to give the article a full read here.