Understanding Cyber Risk: Unpacking and Responding to Cyber Threats Facing the Public and Private Sectors

78 Pages. Posted: 3 Nov 2022. Last revised: 13 May 2024.

Lawrence J. Trautman

Prairie View A&M University - College of Business; Texas A&M University School of Law (By Courtesy)

Scott Shackelford

Indiana University - Kelley School of Business - Department of Business Law; Harvard Kennedy School Belfer Center for Science & International Affairs; Center for Applied Cybersecurity Research; Stanford Center for Internet and Society; Stanford Law School

Brian Elzweig

University of West Florida

Peter Ormerod

Northern Illinois University College of Law

Date Written: October 31, 2022

Abstract

Cyber-attacks, particularly ransomware campaigns, continue to pose major threats to businesses, sovereigns, state and local government, health and educational institutions, and individuals worldwide. Ongoing successful instances of cybercrime often involve sophisticated attacks from diverse sources such as organized crime syndicates (as seen in the rise of zero-day exploits in such operations), actors engaged in industrial espionage, nation states, and even lone wolf actors possessing relatively few resources. Technological innovation continues to outpace the ability of law to keep up. By mid-2022: nation-state and international criminal group ransomware attacks continue; serious server software Log4j exploits become evident; U.S. embassy phones are hacked; cyberwarfare is deployed by Russia in its invasion of Ukraine; and thefts of valuable intellectual property due to cybersecurity breaches are reported. This Article argues that an all-of-the-above approach to enhancing cybersecurity is needed to address these multi-faceted cyber risks.

Our Article proceeds in nine parts. First, we provide an overview of the cyberthreat environment. Second, we discuss the current cybersecurity legal landscape. Third, we discuss thoughts regarding teaching and conceptualizing the role of cybersecurity in business and society. Fourth, we introduce cybersecurity and corporate governance. Fifth, we discuss how corporate directors govern cybersecurity. Sixth, we explore the emerging cyber threat from nation-states and the impact of geopolitics on business. Seventh, we focus on issues involved in identifying and responding to digital attacks. Eighth, we look at the Securities and Exchange Commission (SEC) and the regulation of cyber risk. And last, we conclude. We believe our paper adds to the important body of cybersecurity literature that explores the roles of government and business, particularly corporate directors, in the governance of data security.

Keywords: Audit Committee, Board Structure, Corporate Governance, Crime, Cyber, Data Breach, DHS, Directors, Enterprise Risk Management, Hackers, Incentives, Information Technology, Internal Controls, Market Failure, National Security, NCCIC, NIST, Ormerod-Trautman Cybersecurity Efficiency Model, OWASP

Suggested Citation

Trautman, Lawrence J. and Shackelford, Scott J. and Elzweig, Brian and Ormerod, Peter, Understanding Cyber Risk: Unpacking and Responding to Cyber Threats Facing the Public and Private Sectors (October 31, 2022). University of Miami Law Review, Vol. 78, (2024), Available at SSRN: https://ssrn.com/abstract=4262971 or http://dx.doi.org/10.2139/ssrn.4262971

Lawrence J. Trautman (Contact Author)

Prairie View A&M University - College of Business

Prairie View, TX
United States

Texas A&M University School of Law (By Courtesy)

1515 Commerce St.
Fort Worth, TX Tarrant County 76102
United States

Scott J. Shackelford

Indiana University - Kelley School of Business - Department of Business Law

Bloomington, IN 47405
United States

Harvard Kennedy School Belfer Center for Science & International Affairs

79 JFK Street
Cambridge, MA 02138
United States

Center for Applied Cybersecurity Research

Wylie Hall 105
100 South Woodlawn
Bloomington, IN 47405
United States

Stanford Center for Internet and Society

Palo Alto, CA
United States

Stanford Law School

Stanford, CA 94305
United States

Brian Elzweig

University of West Florida

11000 University Parkway
Pensacola, FL 32514-5750
United States

Peter Ormerod

Northern Illinois University College of Law

Swen Parson Hall
DeKalb, IL 60115
United States
