Many regulators consider the growing tide of cyber incidents to be more of an abdication of corporate responsibility than a threat to national security.
With the number of data breaches continuing to mount, regulators were very active in policing cyber risks in 2014. Given the current cyber risk landscape and the fact that regulatory intervention in cyber security and privacy issues is one of the few areas of possible cooperation across the political aisle, U.S. companies should expect regulatory oversight to expand significantly over the next several years.
The most positive regulatory development of the past year was likely the renewed push for cyber risk information sharing between the U.S. government and the private sector. Broadly, information sharing improves cyber security by setting up dedicated public-private centers where national intelligence entities, law enforcement, and the private sector can quickly and securely share information on cyber threats, attacks, and trends.