Do data protection laws really improve cybersecurity?

Data protection regulations must strike a difficult balance between individual privacy and cybersecurity. But what happens when a cyberattacker’s identity is masked in the name of privacy? How would existing laws in the European Union, United Kingdom, and India address this dilemma? What can proponents of federal privacy legislation in the US learn from these countries?