•  
  •  
 

University of Miami Law Review

Abstract

Cyberattacks, data breaches, and ransomware continue to pose major threats to businesses, governments, and health and educational institutions worldwide. Ongoing successful instances of cybercrime involve sophisticated attacks from diverse sources such as organized crime syndicates, actors engaged in industrial espionage, nation-states, and even lone wolf actors having relatively few resources. Technological innovation continues to outpace the ability of U.S. law to keep pace, though other jurisdictions including the European Union have been more proactive. Nation-state and international criminal group ransomware attacks continue; Sony’s systems were hacked by a ransomware group; MGM Resorts disclosed that recovery from their September 2023 hack may ultimately cost more than $100 million; serious server software Log4j exploit became evident; U.S. embassy phones are hacked; cyberwarfare is deployed by Russia in their invasion of Ukraine; and theft of valuable intellectual property due to cybersecurity breaches are reported.

This Article proceeds in seven parts. First, it provides an overview of the cyber threat environment. Second, it discusses the current cybersecurity legal landscape. Third, it introduces cybersecurity and corporate governance. Fourth, it discusses how corporate directors govern cybersecurity. Fifth, it explores the emerging cyber threat from nation-states and the impact of geopolitics on business. Sixth, it focuses on issues involved in identifying and responding to digital attacks. And last, it concludes. This Article adds to the important body of cybersecurity literature that explores the roles of government and business, particularly corporate directors, in the governance of data security.

Download

Share

COinS