Cybersecurity is a fact of business life, but employers are not always pleased when a cybersecurity professional reports a serious and expensive cyber deficiency. Often, instead of addressing the problem, they shoot the messenger and retaliate against the whistleblower.
Surprisingly, there are no specific laws that protect cybersecurity professionals who report their employer’s cyber vulnerabilities or breaches. Nevertheless, cybersecurity whistleblowers can defend against retaliation. They can take advantage of other laws that protect employees from retaliation, even though they were not initially designed with cybersecurity whistleblowers in mind. These include statutes regulating industries that employ cybersecurity professionals and catch-all state law prohibitions against wrongful termination in violation of public policy.