The cybersecurity and data privacy landscape continues to change, creating significant new risks for businesses across economic sectors. New types of litigation are emerging, new regulatory regimes are entering into force, and new laws promise yet further compliance challenges in the future. At the same time, a wide range of threat actors are launching more complex and more consequential attacks against multinational businesses, further raising the stakes.

The complex and changing cybersecurity and data privacy landscape puts pressure on companies to be flexible and agile, and rewards businesses that can anticipate emerging trends. We discuss some of these important challenges in our new practical guide, Cybersecurity and Data Privacy: Navigating a Constantly Changing Landscape. While not intended to be comprehensive, this guide highlights developments and priorities for businesses on a range of key topics, from the compliance challenges posed by new regimes such as the EU General Data Protection Regulation and the New York's financial services regulations, to growing expectations for due diligence in mergers and acquisitions, to evolving threats that demand thorough response playbooks. Across these issues, three themes emerge.

  • First, regulatory requirements—and corresponding compliance burdens—are continuing to expand globally, both with respect to generally applicable requirements and sector-specific rules. The capacity to handle changing compliance obligations is itself now a key part of effective cybersecurity and data privacy governance.
  • Second, cybersecurity and data privacy challenges are growing increasingly prominent in a wider variety of contexts than ever before. These issues are increasingly important, for example, in public company reporting, mergers and acquisitions, and product development.
  • Third, changes in the threats companies face are driving corresponding changes in legal risks. Litigation risk, for example, goes well beyond traditional data breaches and challenges to online collection of data. Likewise, the sheer diversity of risks is making incident response preparation even harder, making it ever more valuable to develop appropriate internal tools.

We discuss these and other themes in this handbook and hope that these discussions are relevant to the specific cybersecurity and data privacy issues your business faces. We have greatly appreciated the positive response to our prior handbooks— Staying Ahead of the Curve: Cybersecurity and Data Privacy—Hot Topics for Global Businesses (2017),  Cybersecurity Regulation: Governing Frameworks and Emerging Trends (2016), and  Preparing For and Responding To a Computer Security Incident: Making the First 72 Hours Count (2015).

Request a copy

Visit us at

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© Copyright 2018. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.