Cybercrime will carry a global price tag of $6 trillion by 2021, according to a Cybersecurity Ventures annual report. The National Security Agency warns that cybercriminals are “becoming more sophisticated and capable every day in their ability to use the Internet for nefarious purposes.” Yet many companies fail to take basic precautions, such as deleting expired accounts. Still, the United States lacks a comprehensive set of laws to protect information and critical systems from hackers. And meaningful, comprehensive cybersecurity legislation isn’t on the immediate congressional radar.
Unfortunately, cybersecurity has taken a backseat to privacy in our current national debate, in part because policymakers often conflate the issues and claim to be addressing both. Privacy and cybersecurity, however, are distinct. Privacy provides users with control over how businesses collect, use, and share their information. Cybersecurity prevents unauthorized parties from accessing, altering, or rendering unavailable their data, information systems, or connected devices.