Cybersecurity for Idiots

106 Minnesota Law Review Headnotes __ (2021 Forthcoming)

Arizona Legal Studies Discussion Paper No. 21-04

31 Pages Posted: 19 Mar 2021

See all articles by Derek E. Bambauer

Derek E. Bambauer

University of Florida Levin College of Law

Date Written: March 18, 2021


Cybersecurity remains a critical issue facing regulators, particularly with the advent of the Internet of Things. General-purpose security regulators such as the Federal Trade Commission continually struggle with limited resources and information in their oversight. This Essay contends that a new approach to cybersecurity modeled on the negligence per se doctrine in tort law will significantly improve cybersecurity and reduce regulatory burdens. It introduces a taxonomy of regulators based upon the scope of their oversight and the pace of technological change in industries within their purview. Then, the Essay describes negligence per se for cybersecurity, which establishes a floor for security precautions that draws upon extant security standards. By focusing on the worst offenders, this framework improves notice to regulated entities, reduces information asymmetries, and traverses objections from legal scholars about the cost and efficacy of cybersecurity mandates. The Essay concludes by offering an emerging case study for its approach: regulation of quasi-medical devices by the Food and Drug Administration. As consumer devices increasingly offer functionality for both medical and non-medical purposes, the FDA will partly transition to a general-purpose regulator of information technology, and the negligence per se model can help the agency balance security precautions with promoting innovation.

Keywords: Cybersecurity, Internet of Things, cyberlaw, Federal Trade Commission, Food and Drug Administration, medical devices, tort, negligence per se, security, regulators, passwords, Internet, hacking, data breach, HIPAA, health care

Suggested Citation

Bambauer, Derek E., Cybersecurity for Idiots (March 18, 2021). 106 Minnesota Law Review Headnotes __ (2021 Forthcoming), Arizona Legal Studies Discussion Paper No. 21-04, Available at SSRN:

Derek E. Bambauer (Contact Author)

University of Florida Levin College of Law ( email )

P.O. Box 117625
Gainesville, FL 32611-7625
United States
3522730957 (Phone)

HOME PAGE: http://

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics