When most attorneys think of cybersecurity, what often comes to mind are data breaches and ransomware—and that’s for good reason. In the last few months alone, major law firms such as Quinn Emanuel Urquhart & Sullivan, Bryan Cave Leighton Paisner, Gibson, Dunn & Crutcher, Loeb & Loeb and Orrick Herrington & Sutcliffe have all reported data breaches. The threat actors I mentioned in the first article are getting smarter, better and greedier. That’s why the first pillar in the White House’s National Cybersecurity Strategy is “defending critical infrastructure,” and the second is “disrupting and dismantling threat actors.”

Currently, regulatory gaps create an environment ripe for cybersecurity incidents, which is one reason the White House created the National Cybersecurity Strategy. And while this initiative is coming from the Biden Administration, it is not a political issue: This framework builds on the work of prior administrations, according to the White House. “It replaces the 2018 National Cyber Strategy but continues momentum on many of its priorities, including the collaborative defense of the digital ecosystem.” This is a regulatory issue and is designed to answer a glaring need in the market. Law firms, their clients and everyone else can expect to see historically federal cyber strategies and regulations start to flow down into the private sector, with new regulation inevitable.