In accordance to most IT literature, definition of cybersecurity is the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
Cybersecurity professionals commonly think about security as covering three general categories of goals:
So what is cybersecurity law?
What are we securing?;
Where and whom are we securing?;
How are we securing?;
When are we securing?;
Why are we securing?
Commonly, cybersecurity is mixed, particularly in legal circles, with data security. Data security is only one part of cybersecurity, it is only one part. Cybersecurity involves more than merely the protection of data. The common understanding amongst cybersecurity professionals about cybersecurity law is that it seeks to prevent harms.
Very few countries really do have a cybersecurity law or a law that specifically said ‘Cybersecurity Law’ or ‘Law of Cybersecurity’. When policymakers talk about cybersecurity, they are not always talking about the same concept. A day rarely passes without another report of a major cybersecurity incident somewhere in some part of the world. Hackers routinely breach the systems of retailers, stealing consumer credit card data and other valuable personal information in the developed countries.
Attackers launch distributed denial-of-service attacks, knocking some of the most popular websites offline for hours or days. Home security webcams become remote spying devices. The constant media coverage begs the question - How well do the existing laws in each of the country address cybersecurity threats against them?
The legal system in a lot of countries, including the US lacks a consistent definition of the term cybersecurity law. There are regulations to ensure companies take certain actions for a cybersecurity purpose, but most don't directly explain what lawmakers meant by cybersecurity.