Lawyers. Tom reluctantly swiveled away from his workstation to face the creatures before him. There sat two of the breed, ties drawn tight around their necks and dark suits set in stark contrast to the beige office. His general counsel Alain, spoke first: “Tom, I know you asked our office to advise you today about what legal and compliance capability we can bring to bear for cybersecurity, so I brought with me one of our staff attorneys who’s had prior experience with cyber. As you know, lawyers are like wolves; we never travel alone. We actually have several worrisome conclusions which we think you really should consider.”

It is beneficial to spend some time understanding the legal paradigms that drive cyber law today. For our purposes, it is worth examining the legal frameworks in the two places modern organizations are perhaps the most likely to do business subject to cyber regulations: the European Union and the United States. Before doing so, let us overview how the regulatory dots are connected as in Table 17.1.