Skip to content

menu

Open Legal Blog Archive logo
HomeAboutBlogsFAQsSubmit

Cybersecurity Law and Regulatory Predictions for 2018

By Avi Gesser & Elizabeth A. Tippett on December 29, 2017

The new year is fast approaching.  2017 has been a year of major cyber incidents, including the Equifax breach.  Cybersecurity will continue to be a top concern for companies in the new year.  Avi Gesser spoke with Markets Media about his outlook for cybersecurity law and regulation in 2018.

Which hot topics/hype should be retired at the end of 2017?
The idea from 2017 that should be retired is that some new software innovation is going to solve your cyber-security issues.  Tech is important, but good cybers-security requires attention from everyone in the organization.  Companies are learning that having good cyber policies, procedures, and training is just as important as the latest software.

What do you view as the most important lesson of 2017?
The most important lesson of 2017 in cybersecurity is that delays in breach notification make bad situations worse.

What do you expect to be the skill sets most in demand in 2018?
The most important skill set in 2018 will be cyber-security governance – the ability to significantly reduce an organization’s cyber-risk through non-tech changes to policies, procedures, training, reporting lines, etc.

What changes do you expect to see in 2018?
For cybersecurity, I see three big developments in 2018:

  • State, federal, and international regulators are going to get serious about breach notification.  We are going to see demands for increasingly prompt breach notification to both regulators and affected parties, and companies being fined for failing to meet their breach notification obligations.
  • The New York Department of Financial Services is going to become a major player in cybersecurity investigations and enforcement, and its new rules will likely become a model for state and federal cyber regulators.
  • On the litigation side, class action securities cases are going to become a major issue for companies that have experienced a breach.
  • Posted in:
    Privacy & Data Security
  • Blog:
    Cyber Blog
  • Organization:
    Davis Polk & Wardwell LLP

Open Legal Blog Archive, Inc. logo
Seattle, Washington
Copyright © 2026, Open Legal Blog Archive, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo