Law & Policy

Understanding cybersecurity law and policy

Indiana University helped pioneer the field of cybersecurity and information privacy law as one of the first places in the nation to offer such courses more than 20 years ago.

Today our faculty analyze cybersecurity legal and policy issues across a wide range of subfields including information privacy, critical infrastructure protection, and data governance. Centered at the IU Maurer School of Law and the Business Law and Ethics Department at the Kelley School of Business, our faculty teach a range of courses to help students unpack these challenges and more, from managing intellectual property to hot topics in EU data privacy, health privacy, and blockchain governance. Practicum experiences permit students to apply what they have learned and help real-world clients in the process.

Cybersecurity law is a fast-maturing but still new field combining an array of topics from negligence and invasion of privacy to corporate governance and international law. This means that legal frameworks used to manage common problems like ransomware are often fragmented, resulting in a quilt of laws and policies that may or may not affect any given practice.

To ensure best practices, legal counsels are expected to be aware of any and all intersectional policies that might affect a company’s cybersecurity. This allows them to collaborate with IT professionals and managers to help create the best possible legal and technical controls for a company’s cybersecurity infrastructure regardless of the jurisdiction in which they practice.

In order to enhance cybersecurity for clients and firms, lawyers need to possess a fundamental understanding of the technologies supporting those systems. Gaining that type of knowledge starts in the classroom. IU arms lawyers with an understanding of not only cybersecurity’s legal aspects but also its foundational technical elements. This allows lawyers and those seeking legal knowledge to ask the right questions of IT professionals and serve in a more multifaceted capacity.

Cybersecurity professionals are involved in corporate cybersecurity efforts that range from reactive litigious prosecution of breaches to proactive risk assessments. Many companies have realized that reacting to breaches can be far less of a headache than proactively mitigating underlying vulnerabilities. With the complex legal frameworks guiding cybersecurity measures, lawyers have become integral to creating systems that are both compliant and effective.

Practitioners have taken on many responsibilities related to corporate cybersecurity including privacy and information governance. It’s important that current and future professionals know how to communicate effectively about these complex concepts. Their audiences go beyond legal documents to include:

  • Board members
  • Regulators
  • Shareholders
  • General public

Experts in this area

Get more information about our areas of expertise

Have a media inquiry for one of our area experts? Contact us at