The Ethics, Legal and Compliance issues in Cybersecurity



The ethical, legal and compliance issues remain important in the domain of cybersecurity with the continuous evolution of the digital landscape. Therefore, organizations should address all these concerns to safeguard their data, assets and market reputations (McIntosh et al.2023). This blog report is going to demonstrate the legal, ethical and compliance issues associated with cybersecurity while enlightening the strategies and best practices to resolve these issues.

The ethical issues in cybersecurity:

Unauthorized access and hacking:

Ethical concerns are there when a group or individuals are involved in penetration testing, hacking or other intrusive attempts without the needful authorization (Wylde et al.2022). White hat or ethical hackers should maintain the legality of their actions and help in online assignment help USA by conducting all their activities within the restrictions of the scope defined for them (Manjikian, 2020).

Responsible revelation:

Security experts end up discovering vulnerabilities in networks and software. However, the ethical ambiguity is about deciding how and when to reveal these vulnerabilities responsible for reducing the harm, thereby facilitating timely patches (Giansanti & Gulino, 2021).


The accumulation and utilization of private information for the purposes of cybersecurity should be performed keeping the utmost respect for the privacy rights of the individuals (Tronnier et al.2022). However, online assignment help Washington and ethical dilemmas arise when an organization ends up overreaching its information accumulation and monitoring operations (Zarina, Ildar & Elina, 2019).

The legal issues in cybersecurity:

Data Breach Alter Laws:

Multiple jurisdictions have enacted legislation requiring businesses to alert promptly the individuals impacted by data breaches. However, failure to comply with these legislations ends up resulting in legal penalties (Manjikian, 2020).

Copyright and Intellectual Property Act:

The cybersecurity experts should respect the rights of intellectual property during accessing, sharing or using, code, software or any other resources. However, unauthorized distribution or access may lead to legal complications (Andraško, Mesarčík & Hamuľák, 2021).

Cybercrime legislation:

The legal concerns associated with cybercrime remain complex with differing jurisdictions. It is noticed that intruders, hackers and fraudsters have to encounter severe legal consequences if they get caught and prosecuted (Giansanti & Gulino, 2021).

International jurisdiction and law:

Cyberattacks are responsible for crossing international borders, making it complex to understand which of the legal jurisdictions gets the authority over a specific case (Tronnier et al.2022). However, instant assignment help Washington  international treaties and agreements allow for addressing this issue, but, would not always be effective (Wylde et al.2022).

The compliance issues in cybersecurity:

Regulatory compliance:

Different regulations, including the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI DSS), and the Health Insurance Portability and Accessibility Act, would mandate certain cyber safety needs (Zarina, Ildar & Elina, 2019). Therefore, the enterprises are obliged to maintain compliance with these regulatory requirements, otherwise, they come across legal consequences (Andraško, Mesarčík & Hamuľák, 2021).

Industry standards:

Certain industries have developed information security standards and best practices, that the organizations are supposed to adhere to. However, non-compliance is responsible for resulting in legal actions or loss of market opportunities (Manjikian, 2020).

Security of supply chain:

Business organizations require ensuring that their suppliers as well as 3rd party vendors stick to the cybersecurity policies, compliance needs and industry standards to prevent vulnerabilities from intruding into their supply chains (Giansanti & Gulino, 2021).

Insider threats:

Regulatory compliance at times involves maintaining an eye on the activities of the employees. However, maintaining a consistent balance between security compliance and employee privacy could be a key compliance issue for organizations in the context of cybersecurity (Blanken-Webb et al.2018).

Resolution to the ethical, legal and compliance issues in cybersecurity:

Resolving the legal, ethical and compliance challenges in cybersecurity remains a challenging task that demands a combination of procedures, policies and a commitment to the best cybersecurity practices through designing comprehensive procedures and policies, establishing a code of ethics, conducting regulatory training and awareness activities, implementing strict access control and monitoring, ongoing compliance audit, supply chain and vendor security generating public awareness and incorporating a culture of ethics within the organizations (Manjikian, 2020). There must be detailed and clear policies for addressing the legal, ethical and compliance issues in cybersecurity, covering areas such as data handling and privacy and responsible disclosure. Additionally, a code of ethics must be defined for all the employees within an organization, outlining the expected organizational behaviour, ethical work standards and responsibilities that the employees must follow (Giansanti & Gulino, 2021).

Furthermore, the employees should be provided with information security training to ensure that they remain aware of the ethical concerns, compliance needs and data protection regulations (Andraško, Mesarčík & Hamuľák, 2021). Robust policies for access control should be put in place to prevent unauthorized access to sensitive data and systems with monitoring and logging the system activities continuously for detecting and responding to potential cyber incidents or ethical violations. A well-defined policy must be established for handling and receiving reports of security vulnerabilities for cybersecurity experts and ethical hackers, ensuring appropriate and timely responses to those reports (Zarina, Ildar & Elina, 2019). Nevertheless, there must be compliance assessments and audits conducted regularly to ensure that an organization follow all the relevant standards and regulations. The cybersecurity activities of all the 3rd party suppliers and vendors associated with an organization must be monitored, incorporating the cybersecurity needs in agreements and contracts (Wylde et al.2022).

The employees must be informed about the international agreements and laws regarding cybersecurity with consulting professionals when required to address cross-border concerns (Tronnier et al.2022). In addition to that, organizations must strike a balance between cybersecurity and employee privacy by putting controls and policies in place, which respect personal boundaries besides safeguarding the company from insider threats. The commitment of an organization to legal compliance, data protection and ethical behaviour must be communicated to generate public awareness, thereby building trust with the partners and consumers (McIntosh et al.2023). It should always be kept in mind that addressing the legal, ethical and compliance issues in cybersecurity remains an ongoing endeavour. Therefore, it is essential to keep the training activities, policies and practices updated regularly to stay aligned with the emerging ethical and legal standards. A strong culture of cybersecurity must be encouraged within any organization to reduce these issues and maintain a proactive outlook towards cybersecurity (Wald, 2016).


 At the end of this blog report, it is concluded that to address the identified legal, ethical and compliance concerns, an organization must develop clear cybersecurity policies by performing ongoing training and working with legal professionals to ensure that their information security practices are aligned with the law and industry standards (Wald, 2016). However, ethical concerns are supposed to be embedded in the organizational culture of responsible revelation practices with the incident response strategies. Furthermore, staying aware of the evolving cybersecurity regulations and laws is essential to maintaining compliance in a continuously changing landscape (McIntosh et al.2023).


Andraško, J., Mesarčík, M., & Hamuľák, O. (2021). The regulatory intersections between artificial intelligence, data protection and cyber security: challenges and opportunities for the EU legal framework. AI & SOCIETY, 1-14.

Blanken-Webb, J., Palmer, I., Deshaies, S. E., Burbules, N. C., Campbell, R. H., & Bashir, M. (2018). A case study-based cybersecurity ethics curriculum. In 2018 USENIX Workshop on Advances in Security Education (ASE 18).

Giansanti, D., & Gulino, R. A. (2021, November). The cybersecurity and the care robots: A viewpoint on the open problems and the perspectives. In Healthcare (Vol. 9, No. 12, p. 1653). MDPI.

Manjikian, M. (2020). The Ethics of Cybersecurity. Prometheus36(4), 403-406.

McIntosh, T., Liu, T., Susnjak, T., Alavizadeh, H., Ng, A., Nowrozy, R., & Watters, P. (2023). Harnessing GPT-4 for generation of cybersecurity GRC policies: A focus on ransomware attack mitigation. Computers & Security134, 103424.

Tronnier, F., Pape, S., Löbner, S., & Rannenberg, K. (2022). A discussion on ethical cybersecurity issues in digital service chains. In Cybersecurity of Digital Service Chains: Challenges, Methodologies, and Tools (pp. 222-256). Cham: Springer International Publishing.

Wald, E. (2016). Legal Ethics’ Next Frontier: Lawyers and Cybersecurity. Chap. L. Rev.19, 501.

Wylde, V., Rawindaran, N., Lawrence, J., Balasubramanian, R., Prakash, E., Jayal, A., … & Platts, J. (2022). Cybersecurity, data privacy and blockchain: a review. SN Computer Science3(2), 127.

Zarina I, K., Ildar R, B., & Elina L, S. (2019). Artificial Intelligence and Problems of Ensuring Cyber Security. International Journal of Cyber Criminology13(2). Protection Status
Open chat
Need Help?
Hello! Welcome to Sourceessay.
How can I help you?