Cybersecurity and data privacy presented some of the most complex legal questions and business risks that multinational companies faced in 2018. Businesses should expect continued growth in cyber and data privacy challenges in 2019.

Cyber attacks became even more sophisticated and severe in 2018, with incidents ranging from exfiltration and extortion schemes, to attacks on critical infrastructure, threats to connected products, and vast data breaches. Even technically simple (but often highly costly) business email compromise attacks spiked in 2018, underscoring the continuing importance of implementing defensive best practices. The data privacy landscape also continued to grow more complex, as the General Data Protection Regulation ("GDPR") went into force in the European Union ("EU")—and affected business practices around the globe. Other jurisdictions are already following suit, passing similar laws that will require significant compliance efforts.

2019 is poised to continue this trend of increasing complexity—and consequences—for cybersecurity and data privacy challenges. The adoption and new use cases for disruptive technologies—whether autonomous vehicles, artificial intelligence, connected products or much more—will help drive the evolution of the cybersecurity and data privacy legal landscape, along with the introduction of new regulatory regimes, expanding litigation risk and scrutiny from policy makers across jurisdictions.

The stakes are high. A report issued by the White House Council of Economic Advisers in 2018 estimated that malicious cyber activity cost the US economy between $57 billion and $109 billion in 2016 alone. For individual companies, the effects can be devastating. Cyber incidents have led to the departure of companies' most senior executives, disrupted mergers and acquisitions, and caused massive financial and reputational costs. Data privacy compliance issues have resulted in both substantial legal penalties and loss of the consumer trust on which companies depend.

Against this background, key cybersecurity and data privacy issues for multinational companies in 2019 will include:

  • Managing Cyber Incidents Across Borders
  • Continued Regulatory Pressure on Cybersecurity and Data Privacy
  • Expanding Cybersecurity and Data Privacy Litigation
  • Increasing Adoption of Comprehensive Data Privacy Regimes
  • Focus on Data Privacy and Cybersecurity Policy

Visit us at

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© Copyright 2019. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.