Cybersecurity Law: What Professionals Should Know
Written by: University of Tulsa • Jan 8, 2026
Data breaches and cyber attacks are increasing. The number of data breach notices increased by 211% from 2023 to 2024, according to the Identity Theft Resource Center (ITRC), a nonprofit that supports the victims of identity theft. A positive development is that lawmakers in 40% of states have enacted comprehensive cybersecurity laws in addition to the federal regulations with which organizations already must comply, according to the ITRC. According to the ITRC’s findings, better cyber practices could’ve prevented at least 196 compromises and more than 860 million victim notices in 2024.
Cybersecurity experts are developing more comprehensive laws in response to a rapidly evolving digital landscape. With an advanced degree in cybersecurity, graduates can help ensure that these policies fit the needs of today’s technology.
What Is Cybersecurity Law?
Cybersecurity law refers to the rules and regulations established to ensure data protection, mitigate risks for data breaches and cyber attacks, and create a framework for reporting incidents. Organizations must follow these rules to protect themselves, vendors, customers, and investors and stay ahead of threats that put them at risk of leaks and other fallout from cyber attacks.
Examples of Cybersecurity Laws and Why They Matter
The United States has established several cybersecurity laws that set the standard for how organizations operate within the country. However, just as companies that want to do business in the United States need to adhere to U.S. cybersecurity law, U.S. businesses must also ensure compliance with the cyber laws of other countries where they intend to operate.
Cybersecurity Information Sharing Act
The Cybersecurity Information Sharing Act of 2015 (CISA) is a U.S. cyber law created to build a better line of communication for sharing cyber threat information between private organizations and the federal government. By establishing these communication channels, the government aims to share information so that cyber attacks can be detected and stopped before they happen and addressed more effectively when they do occur. Participating organizations receive protection from liability, encouraging more companies to be transparent about the state of their cybersecurity readiness.
Federal Information Security Modernization Act
The Federal Information Security Modernization Act of 2014 (FISMA; originally known as the Federal Information Security Management Act) is a U.S. cybersecurity law that was initially created to set mandates for how federal agencies and their contractors would secure and protect federal data.
The 2014 act expanded upon these mandates by codifying the authority of the U.S. Department of Homeland Security (DHS) to oversee implementation of security protocols for executive branch systems, clarifying the supervision of these security practices by the Office of Management and Budget (OMB), and setting new standards to eliminate inefficient reporting practices. This cyber law protects federal data from those who would do the public harm, while more recent amendments to the act also target inefficiencies and redundancies in reporting.
Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act of 1986 (CFAA) was initially an amendment to the first federal computer fraud law intended to target hackers. It’s been updated several times, most recently in 2008. Today, the CFAA criminalizes accessing a protected computer without authorization. After establishing a lack of authorization, victims can pursue legal action against hackers and cybercriminals who’ve been involved in data theft or ransomware attacks. The CFAA also establishes the right to pursue civil actions, allowing businesses to recover losses from these cyber attacks.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to safeguard patient information and create secure lines of communication to share health data. These standards uphold patients’ rights to confidentiality and allow them greater control over disclosing their private information.
However, HIPAA also helps make health data more transmissible while still protecting information. Through secure channels, health care providers, insurers, and other necessary parties can share information to ensure that patients have complete health data and providers can give them the care they need.
General Data Protection Regulation
In 2016, the European Union passed the General Data Protection Regulation (GDPR), which came into effect in 2018. It’s considered the toughest privacy and security law in the world, and both EU-based businesses and anyone who wants to do business in the EU must adhere to it. If someone processes the personal data of EU citizens or residents, or offers them goods or services, the GDPR applies.
Failure to comply with the GDPR can result in hefty fines payable to the EU, and data owners are additionally allowed to seek compensation for damages.
Protect the Future of Data With Cyber Law
Cyber attacks don’t look the same today as they did 20 years ago; this is why cybersecurity laws must evolve to keep up. While these laws have been around for decades, policymakers are always looking for ways to update them and ensure that they properly address today’s threats. In the online Master of Science (M.S.) in Cyber Security program at The University of Tulsa, students learn the skills and knowledge to not only thrive in cyber defense today but also adapt to the technology of tomorrow.
A cybersecurity degree from TU may not enable students to predict the future, but it will teach them to identify threats before they happen and help shape a future with less cybercrime. In an accelerated program led by cyber defense experts, students can earn their cybersecurity degrees in as little as 20 months. Hands-on lessons teach both technical skills and nontechnical issues in cyber attacks, such as legal and ethical considerations.
Embrace a future as a leader in cybersecurity law with TU.