Private companies are primary targets for cyberattacks. Their vulnerability is due to their dependence on IT systems and networks as well as communication networks. How does the law, as a tool of regulation and repression, attempt to reduce the vulnerability of companies in cyberspace? How does it involve organisations in this fight, and to what extent does it underline their ability to contribute to their own security? This article analyses the legal treatment of the fight against cyberattacks from the perspective of companies’ security. It highlights the way the French law handles this phenomenon with regard to both prevention and protection, and how companies respond to cyber risks.
- General Data Protection Regulation (GDPR)
- Network and Information Security Directive (NIS)
- cyber insurance