Emerging Legal Frameworks Governing Cybersecurity
The laws governing cybersecurity in the US are predominantly based in broad and indirect legal precedent derived from the FTCA and Securities and Exchange Act of 1933. Much of the precedent that exists does not account for the realities of operating a technical business or the nature of the engineering activities necessary to support the business. Business leaders, and especially those at emerging tech companies with tight capital constraints, can avoid the risk introduced by government incompetence and inaccurate public signaling by taking careful, practical steps to demonstrate truly “reasonable” security measures were taken, outline what steps were taken in the context of business constraints, and avoid excessive costs incurred from overzealous managed service providers who may not be aware of the needs of the business.