As cyber-attacks across the globe become more sophisticated and prevalent, regulators have tried to keep up by enacting statutes and rules that require companies to implement a minimum level of security measures. These statutes and rules, as well as the security measures themselves, attempt to mitigate the potentially significant financial and reputational costs of data breaches, including as a result of interrupted business operations, or access to personal information, customers’ sensitive information, or valuable intellectual property. To help navigate this quickly evolving regulatory landscape, businesses need clear, informed guidance about the requirements of cybersecurity laws (particularly in the U.S., where there are multiple overlapping regulatory regimes at both the federal and state level that address cybersecurity in a sector- or jurisdiction-specific manner).
Freshfields lawyers Beth George, Timothy Howard, Brock Dahl, and Megan Kayo have authored the U.S. chapter of the 2025 Chambers Practice Guide on Cybersecurity. This guide provides an overview of cybersecurity law in the U.S. and covers a wide range of topics that are critical for practitioners and companies to understand, including critical infrastructure cybersecurity, incident response and notification obligations, state law obligations, the intersection between cybersecurity and artificial intelligence, cybersecurity in the financial and healthcare sectors, cyber-resilience, and security certifications.
This guide leverages the firm’s in-depth, longstanding, and global expertise in cybersecurity, ranging from prevention to governance to responding to incidents. It draws on insight from our deep bench of cybersecurity and privacy attorneys located around the world who have provided advice in hundreds of international data crises, investigations, class actions, and regulatory engagements. To access the U.S. chapter of this guide, please click here.