Cybersecurity regulation insights

Cyber regulation in the Americas encompasses a wide range of laws to address growing cyber threat challenges, protect individual privacy, and safeguard organisational security in the digital realm.

In the United States, key federal regulations governing cyber compliance and reporting include the SEC cyber disclosure rule, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), the North American Electric Reliability Corporation Critical Infrastructure Protection plan (NERC CIP) and TSA security directives 1 and 2. At the state level, the New York Department of Financial Services (NYSDFS) Part 500 cyber regulation and the California Consumer Privacy Act (CCPA) regulations have been among the most influential.

In Canada, both privacy and cybersecurity regulations have been undergoing changes. Currently privacy regulations such as the Personal Information Protection and Electronic Documents Act (PIPEDA) sets out rules for the collection, use, and disclosure of personal information at a national level, while the provinces have established their own requirements. Cybersecurity regulations are defined by sector, and regulators such as OSFI continue to focus on topics like third party risk management, resilience, insider risk and foreign interference, proactive risk management and breach reporting. 

In Latin America, countries like Brazil, Mexico, and Argentina have enacted comprehensive data protection laws inspired by the European Union's General Data Protection Regulation (GDPR). These laws establish principles for the processing of personal data, grant individuals certain rights over their data, and impose obligations on organisations to protect personal information.

Learn more about the latest cyber regulation in the Americas:

• US SEC’s cyber disclosure rule
• NYSDFS Part 500 cybersecurity regulation are now final
• US Cyber reporting for critical infrastructure: CISA proposal raises many questions, invites comments
• Canada's OSFI I-CRT Framework to strengthen cyber defences

With the rapid advancement of technology, and the increasing interconnectedness of societies, countries in the Asia Pacific region have recognised the need for robust cyber regulations to protect against cybercrime, data breaches and other malicious activities. These regulations are designed to establish clear guidelines for the collection, use and protection of personal data, as well as promote cybersecurity best practices across various sectors. Examples include Australia’s Privacy Act, Singapore's Personal Data Protection Act and the Cybersecurity Act.

Each country in the region has implemented its own set of laws and regulations to safeguard digital assets and ensure the trust and confidence of individuals and businesses in the online environment. By staying at the forefront of cyber regulation, the Asia Pacific region is actively working towards creating a secure and resilient digital ecosystem that fosters innovation and economic growth while mitigating the risks associated with cyber threats.

Learn more:

• Australia's 2023 Privacy Act Review Report
• Singapore's Personal Data Protection Act (PDPA)
• Japan's 2023 Amendment to the Act on the Protection of Personal Information (APPI)
• India's Digital Personal Data Protection Act 2023
• China's First Personal Information Protection Law