Document Type


Publication Title

Emory Corp. Governance & Accountability Rev. Perspectives

Publication Date



Using enforcement actions and guidance materials from the Securities and Exchange Commission and the Federal Trade Commission, Forrest E. Lind III compares the agencies' approaches to cybersecurity regulation, forecasts the future of cybersecurity regulation, and discusses how the increase in cybersecurity regulations will affect regulated entities. The adequacy of a company's cybersecurity measures is a growing source of liability because the SEC has begun punishing companies based on how they anticipate, and respond to, cyberattacks. This Perspective analyzes the character of the agencies' actions and finds that the SEC will be a more aggressive enforcer than the FTC. After noting the FTC's history with cybersecurity measures, Lind points out the differences between the SEC and FTC to support his prediction that the SEC will play a prominent role in future cybersecurity regulation. Lind concludes by suggesting governance-based strategies for complying with SEC and FTC cybersecurity regulations.

First Page