It’s a widespread belief that regulations are a barrier to job growth. This idea came to prominence in the late 1970’s and early 80’s with the Chicago School of “Supply Side Economics” and was thrown onto the national stage during Ronald Reagan’s first presidential campaign. This notion has been reinforced by recent media coverage of comments regarding “job-killing regulations” made by President Trump on the campaign trail and after taking office. While it’s true that in many cases tougher rules can disrupt certain industries, either by limiting activity or banning it outright, recent changes in cyber security and data management legislation may actually present professionals in the cyber security job market with even greater opportunities.


New Regulatory Challenges in Cyber Security

Under the SEC’s new disclosure guideline, board members and company directors will be held accountable for ensuring accuracy and transparency in security breach reports. The guideline draws largely on established state and federal legislation on the topic. New York State has been famous for setting regulatory benchmarks, particularly when it comes to the financial sector, and has some of the strictest cyber security laws around. Under New York’s laws, companies are required to provide annual proof that they’re conducting penetration tests, encrypting sensitive data, and making use of multifactor authentication. Security in software or app development, and in the use of third-party platforms.  Beginning in February 2019, periodic risk assessments will also have to be provided. In 2016, the European Union passed the General Data Protection Regulation, which is set to revolutionize the way businesses obtain, use and distribute personal information. Companies will need explicit authorization from users before gathering their personal information. Users should know what personal information companies have, and should also be able to revoke their sharing consent at any time as if they were unsubscribing from an email list. The ruling will particularly affect companies working with online advertising for targeted ad campaigns, where user data from their browsing history is used to show ads for products they’re most likely to buy. Liability costs for data breaches and unauthorized use of customer data will also increase, with fines for non-compliance to be set at either 4% of turnover or $20 million.  The regulation is set to take effect on May 25th 2018, and it’s relevance extends to all companies that do business in Europe, meaning that companies all over the world are set to adapt themselves to the new rules on data protection.


The Impact on Job Creation

These regulations are designed to make companies actively look for weak points in their security infrastructure and respect the privacy of internet users in general. From a business point of view, compliance with these new measures may increase short-run costs, but building a safer cyber environment that complies with established regulations is well worth it down the line. According to the Ponemon Institute, the average cost of non-compliance is 2.71 times greater than the spending required to meet regulatory demands. Companies like Capstone IT provide outsourcing services for cyber security compliance at a small fraction of costs. In 2018, we can expect to see a greater emergence of companies providing this sort of compliance outsourcing service tailored to the cyber security and data protection needs of a variety of industries.  For professionals working in cyber security, this means more jobs as hackers become more sophisticated and security threats evolve. More corporations and other large organizations are expected to hire Chief Information Security Officers (CISO), who will certainly need qualified professionals working under them. By the same token, the regulatory surge will also see a greater role for developers, cyber security specialists, compliance managers and data analysts, as the increased costs of data breaches force companies to double back on securing their networks and their users’ information.