How will cyber legislation change in the next decade? Kat Sommer, our head of public affairs, explores why collaboration is crucial when it comes to the future of cyber security law around the world.
As the level of connectivity around the world increases, so does the associated level of risk. Governments have become increasingly aware of this over the last decade, and we’ve seen cyber security placed firmly on the legislative agenda as a result.
The scope and definition of cyber security have also evolved rapidly. From the protection of personally identifiable information (PII) to securing critical national infrastructure, there are many facets of security for governments to cover – a number that is only likely to increase in the future.
Already, a complex network of rules and regulations spanning jurisdictions around the world has been woven, and this will serve as the baseline for the future.
We’ve taken a look at some of the legislation in place today, and while this is by no means a comprehensive review, looking beyond our own borders at how other nations have addressed the shared challenge of cyber security could give us a glimpse of what the future could hold for global cyber legislation.
What does cyber legislation around the world currently look like?
Cyber legislation varies significantly between countries, shaped by their political systems and culture, as well as their pace of digitisation and internet penetration. For example, African countries devising cyber crime legislation now are able to leapfrog a lot of the iterative approaches European countries have taken, and develop a more modern framework from the outset.
However, perhaps unsurprisingly when faced with similar challenges, there are shared themes across individual jurisdictions’ approaches to cyber legislation. Many governments are focusing on driving collaboration between policymakers, academia and the cyber security industry itself.
While consensus has seemingly been reached that leaving cyber resilience to market forces will not deliver the right outcomes, debate on the extent to which government intervention is required continues. This includes discussion on whether advice and guidance will suffice, or whether incentives to encourage desired behaviours could prove more effective than enforceable and sanctionable rules.
In light of often limited public sector resources and capacity, a considered approach needs to be taken when deciding on the areas in which government action can make the biggest difference, and where partnerships, or trusting the private and third sectors to pick up the slack, will offer the best value for money.
In the UK specifically, one significant driver of collaboration between industry, academia and government has been the establishment of the National Cyber Security Centre (NCSC) in 2016. By providing accessible advice, research and expertise, the NCSC now serves as a one-stop-shop for citizens, businesses, public sector and SMEs in the UK that are looking for cyber security guidance, as well as the clear technical authority to manage cyber incidents and offer advice to policymakers.
We have also seen cross-border collaboration increase in recent years, with the introduction of more data and security requirements that flow down from the European level, such as the General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive.
There is also a question of the role of the cyber security industry in tackling emerging cyber threats. The Netherlands has a more distinctive approach to vulnerability disclosure, helping to mitigate common issues around the discovery, reporting and resolution of vulnerabilities. One example is the introduction of prosecutorial guidelines to better safeguard security researchers from criminal prosecution where they are acting in good faith.
We have also seen an increasingly robust approach to building business resilience in many parts of the world. For example, the Australian government has introduced the ASX 100 health check, which offers companies a baseline to assess themselves against, a model which has been replicated around the world.
In other countries, industry-specific advice and regulation are on the rise. For example, in the US, sectors such as aviation and healthcare benefit from specific security advice, which covers issues from how the government tackles cyber espionage to advice from the FDA for manufacturers of medical devices.
What does the future hold?
In a rapidly changing global cyber landscape, one thing is clear – there is no such thing as one ‘right’ approach to cyber security.
However, as cyber security threats and defensive capabilities continue to evolve over the next decade, it’s important that governments and businesses share knowledge and experiences even more openly.
By encouraging more cross-border collaboration between governments, businesses and the cyber security industry, global cyber legislation can be kept as up to date as possible and ultimately keep our global society safer.