Freshfields Partners Author Two Chapters for Chambers Cybersecurity 2026

A team of Freshfields data regulation & cybersecurity partners including Brock Dahl, Beth George, Timothy Howard and Megan Kayo have contributed two chapters to Chambers Cybersecurity 2026.

USA: Law and Practice

The United States does not regulate cybersecurity under a single, general, nationwide regime. Instead, multiple overlapping regulatory regimes at both the federal and state levels address cybersecurity in a sector- or jurisdiction-specific manner. The scope and substantive obligations imposed by each of these regulations address specific aspects of cybersecurity. These aspects can include: technical measures that can be implemented to mitigate the risk of unauthorized access to data; incident response procedures for when data breaches occur and transparency and reporting requirements. These regulations serve purposes such as protecting national security, safeguarding personal information (including specific regulations addressing sensitive financial data or health information) and promoting collaboration and innovation.

In this chapter, the team analyzes key topics in the current U.S cybersecurity landscape including critical infrastructure cybersecurity regulation, operational resilience in the financial sector, cyber-resilience, security certification for ICT products, services and processes and cybersecurity in other regulations.

USA: Trends and Developments

If there is one trend that has been constant in the cybersecurity and incident response fields, it is that cyber-attacks have consistently been increasing in sophistication, speed and severity. This will likely continue to be the case due to:

• increasingly capable technological tools, including advances in agentic AI that could be used to increase the efficacy and efficiency of cyber-attacks, as well as the future risk of quantum computers cracking encryption that is currently used to protect data;
• an increasingly turbulent geopolitical landscape, which can increase nation-state-sponsored and affiliated cyber-attacks; and
• an increasingly interconnected world in which companies rely on third-party service providers for day-to-day operations, increasing the attack surface and reducing their visibility and control over the systems that support and protect their operations.

Being aware of these interconnected trends and developments, their prevalence and their potential impacts is critical for companies looking to build resilient systems and combat or minimize the impact of these attacks in a realistic and prioritized way.

In this chapter, the team analyzes evolving threats in cybercrime, including agentic AI and how organizations can tailor their incident response to remain resilient amidst a cyber-attack.

To read chapters online, click here.

Associates Robert Barton, Andres Calzada, Madeline Cimino, Roger Li, and Abby Shamray also contributed to the chapters.