Cybersecurity regulations: an overview

Cybersecurity regulations are the legally mandated protection measures taken to guard the integrity and privacy of your digital data.

Since Web1 (the beginning of the internet), various cybersecurity regulations have been introduced around the globe. Here’s a round-up of the most prominent or established regulatory compliance practices across the UK, EU and US.

Cybersecurity regulations: categories

In reality, the list of cybersecurity regulations is almost endless. To compare general requirements across the UK, EU and US, we’ve listed some well-known features of cyber regulations.

Data protection and storage

Data protection is an important aspect of cybersecurity regulations. Not only is this integral at a government level (to ward off national security threats), but it’s crucial as you move down to a small business and personal level, too.

Many businesses collect incredibly personal information from their customers, including the likes of an email address and demographic data. If this information falls into the wrong hands, the consequences could be as severe as identity theft.

UK GDPR (also applies in the EU)

The UK’s General Data Protection Regulation (GDPR) ensures that businesses gain consent from their prospects before customers are added to mailing lists. It aims to prevent spam and the selling of data to third parties.

EU MIFID

The EU’s Markets in Financial Instruments Directive (MIFID) specifies the type of information that investment firms must provide in order to operate legally. This shifts the focus of data protection towards transparency, rather than anonymity. 

US FINRA 4511

The FINRA 4511 rule refers to record-keeping requirements within cybersecurity regulations. The key provisions of this rule aim to preserve and protect records in a standardized way to protect against loss or file corruption.

Obvious differences between the three regulations can be found within their list of sanctions. For example, typical punishments for non-compliance with GDPR include fines of up to €10 million.

Alternatively, penalties for breaking FINRA code include suspension or total dismissal from working within a regulated financial organisation.

Anti-hacking and anti-phishing

Hacking refers to the compromising of a digital system or product through unauthorised access. It is a key component of cybersecurity regulations. Similarly, phishing is the act of sending fraudulent communications that appear legitimate in order to gain access to sensitive information.

Of course, both of these activities have been criminalised across the globe. In order to better protect financial institutions, the UK, EU and US have formed specific anti-hacking and anti-phishing regulatory guidelines.

UK Computer Misuse Act 1990

The Computer Misuse Act (CMA) was introduced to criminalise malicious attacks on digital machinery. It sets out penalties for crimes ranging from ransoming data and the creation of malware to the unauthorised tampering with devices.

EU Directive on Attacks Against Information Systems 2013

This EU directive was introduced by Europol in order to mirror the long-standing criminalisation standards in the US. It specifies protection against organised attacks which threaten the integrity of entire systems.

US Computer Fraud and Abuse Act 1986

In the US, the Computer Fraud and Abuse Act (CFAA) specifically protects devices belonging to financial services institutions. As such, this regulation is more focused on national security interests, as opposed to the protection of the public sector.

There are a number of differences between cybersecurity regulations depending on your location. The EU specifies a fine of up to 2% of revenue for breaking any of its regulations. Here are some of the UK and US differences:

Crime                                    | UK CMA                                        | US CFAA
-----------------------------------------|-----------------------------------------------|----------------------------
Unauthorised tampering                   | 6 months imprisonment and up to £5,000 fine   | Up to 10 years imprisonment
Intention to commit cybercrime           | 5 years imprisonment and unlimited fine       | Up to 5 years imprisonment
Modifying or ransoming data              | 5 years imprisonment and unlimited fine       | Up to 5 years imprisonment
Aiding the misuse of computer equipment  | 10 years imprisonment and unlimited fine      | Up to 5 years imprisonment

Identity theft

Identity theft refers to the wrongful adoption of someone else’s official documentation in exchange for economic gain.

UK, EU and US against identity theft

There is a general consensus and guideline around avoiding identity theft for victims across the globe. These are mainly based around information security, and involve the likes of:

  • Using strong passwords
  • Using a VPN
  • Not accessing public Wi-Fi services

However, there is a lack of clear legislation in the UK against data breach crimes, identity theft and fraud. Legal experts claim that penalties for identity theft crime can lead to up to 7 years imprisonment.

Similarly, in the EU there is no specific committee that has been commissioned to combat this cyber threat. The European Network and Security Agency (ENISA) and the EU Cybersecurity Act advise the public to secure their passwords using cloud-based technology and to restrict the sharing of personal data across different websites or social media.

The US does have homeland security and state-wide cybersecurity measures to protect the public from identity theft. In addition, the Identity Theft and Assumption Deterrence Act was passed in 1998 and carries a maximum penalty of 15 years imprisonment.

Social media offences

Special mention goes out to social media offences, such as:

  • Trolling
  • Online threats
  • Revenge porn
  • Stalking
  • Harassment

This is a newer category of data security, since social media is still very new, but it carries a significant level of cyber risk.

Research is constantly being published about the mental health effects of social media, and there is much debate around how involved governments should be and around the infringement of human rights such as freedom of speech. This category is one to watch over the next decade or so, with cybersecurity regulations and others likely to come to the fore.

Who must comply with cybersecurity regulations?

The majority of cybersecurity regulations apply to the general public. However, some security measures specifically refer to financial institutions for compliance. For example, the EU’s MIFID Directive is specifically aligned to cybersecurity standards in the financial services industry.

Fortunately, compliance doesn’t have to feel like a wild goose chase of risk assessment after risk assessment. Always have access to the latest cybersecurity requirements in your region by discovering CUBE’s products. Never miss a new regulation again.