Cybersecurity is the process of protecting internet-connected computer systems, such as hardware, software, and data, from cyber-threats. Cybersecurity is used by individuals and businesses to protect against unauthorized access to these computer systems when cyber criminals attempt to change, destroy, and steal sensitive data; extort money by making the systems unworkable; and interrupt business operations.

In Oregon, cybersecurity is governed by a combination of state statutes and federal laws designed to protect computer systems and sensitive data from cyber-threats. Oregon Revised Statutes (ORS) include provisions that address data breaches, unauthorized access, and the obligations of businesses to implement reasonable cybersecurity measures to safeguard personal information. For instance, the Oregon Consumer Identity Theft Protection Act (ORS 646A.600 to 646A.628) requires businesses to develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of personal information. Additionally, Oregon has laws that penalize computer crimes, such as unauthorized access, use, or damage to computer systems (ORS 164.377). At the federal level, laws such as the Computer Fraud and Abuse Act (CFAA) and various regulations from agencies like the Federal Trade Commission (FTC) provide additional layers of cybersecurity requirements and enforcement. These laws work in tandem to deter cybercriminals, mandate reporting of data breaches, and ensure that both individuals and businesses take proactive steps to secure their computer systems against cyber-threats.