Cybercrime is one of the most significant threats facing companies today. With the average cost of a data breach reaching an all-time high of $4.24 million, the business case for cybersecurity has never been stronger. Still, some businesses seem to misunderstand the urgency of meeting current cybersecurity standards.

It may help to consider the legal consequences of poor cybersecurity. While the United States has no comprehensive nationwide cybersecurity law, American companies can still face legal trouble if they fail to meet certain standards. Various state, industry, and international regulations still apply to many businesses.

Understanding how cybersecurity standards affect companies’ legal standing can help encourage tighter security. In that spirit, here’s a glimpse at how failure to meet various regulations can result in legal consequences.

Ramifications of International Regulations

Perhaps the most well-known cybersecurity law is the European Union’s General Data Protection Regulation (GDPR). While this is a European law, it can still apply to some U.S. companies. If a U.S. business partners with firms or stores data in the E.U., or collects European customers’ data, it may fall under the jurisdiction of the GDPR.

Similarly, China’s new Data Security Law applies to non-Chinese companies if they store data within China or collect it from Chinese citizens. While regulations like these may not affect most U.S. businesses, noncompliance can carry hefty ramifications for those that do.

Fines for noncompliance with the Chinese Data Security Law start around $15,000 and can reach as high as $1.55 million. The GDPR is similarly punitive, charging up to tens of millions of dollars in some situations. Under both, noncompliant companies could also risk losing their license to operate in other countries.

Industry-Specific Standards

Many specific industries carry their own cybersecurity regulations, as well. The most notable