
GlobalData Technology


From the UK’s new threat strategy to California’s GDPR: the key regulatory trends in cyber security

Most organisations are putting their faith in artificial intelligence to improve threat intelligence, prediction, and protection. It is also providing cover for the continuing cyber security skills gap. Despite AI’s potential for good, future AI-driven attacks are likely. The Covid-19 pandemic has highlighted why cyber-naïve remote workers need security awareness training to thwart hacker attacks. Attackers will target immature technologies: 5G communications, smart cities, and the IoT are all at risk.

Listed below are the key regulatory trends impacting the cyber security industry, as identified by GlobalData.

California’s own GDPR

The May 2018 introduction of Europe’s GDPR has proved to be a worldwide catalyst for data protection regulation, with several countries following suit. From 1 January 2020, Californian consumers, vendors, and foreign companies selling into the state have to respect the new California Consumer Privacy Act (CCPA). The act has teeth, and its introduction will be monitored closely by tech companies operating in Silicon Valley. However, as with GDPR, corporate lawyers will do their level best to test its scope or find ways around it.

The UK’s new cyber strategy

The UK government is reviewing its national cyber security strategy ahead of the creation of a new plan. A key focus of the current plan is ensuring all organisations in the UK are effectively managing their cyber risk so that the UK economy is safe, secure, and prosperous. A Department for Culture, Media, and Sport (DCMS) Regulation and Incentives Review in 2016 concluded that GDPR and the European Directive on Security of Network and Information Systems (NIS Directive) had the potential to drive improved cyber security behaviours.

US federal plan will drive more government cyber spending

A bipartisan commission charged with recommending a reorganisation of the US federal government’s cyber security operations wants to see the appointment of a national cyber director. The recommendation for the new position comes from the Cyberspace Solarium Commission, which has argued the appointment is needed to ensure federal agencies are adequately protecting themselves against cyber attacks. Among its other recommendations, the commission wants to reform the US government’s structure and organisation for cyber space. It also recommends that Congress create a cyber state of distress that is accompanied by a cyber response and recovery fund.

Cyber bills pass through US Congress

The US government has stepped up its legislative activity and enacted several laws to try to reduce its vulnerability to cyber attacks. Cyber security-related bills for Washington departments and agencies to prevent cyber breaches include: the Cybersecurity Vulnerability Remediation Act, which would allow the Department of Homeland Security’s cyber security agency to issue protocols to mitigate vulnerabilities; the Federal Risk Authorization and Management Program, which enables the US federal government to access cloud computing services using a risk-based approach; and the 2019 IoT Cybersecurity Improvement Act, which gives the National Institute of Standards and Technology the authority to manage IoT cybersecurity risks for devices acquired by the federal government.

This is an edited extract from the Cybersecurity – Thematic Research report produced by GlobalData Thematic Research.