Legislation incentivizing businesses to adopt standard cybersecurity frameworks won final legislative approval this week as the General Assembly prepared to adjourn.
The state Senate followed the House and unanimously approved HB 6607, which promotes cybersecurity best practices by preventing a company from being held liable for punitive damages in the event of a data breach.
The standards laid out in the bill are all solid and well adopted in the cybersecurity community including frameworks from the National Institute of Standards and Technology, Center for Internet Security, and the International Organization for Standardization and the International Electrotechnical Commission.
CBIA testified in support of this bill, noting HB 6607 provides further incentives for companies to invest in cybersecurity compliance, which is becoming increasingly critical as businesses shift to a remote and electronic centered world.
According to the FBI’s Internet Crime Complaint Center received 791,790 claims with reported losses exceeding $4.1 billion last year, an increase of more than 300,000 complaints compared to 2019.
Rep. Caroline Simmons (D-Stamford), co-chair of the legislature's Commerce Committee, said the bill bolsters the state's cyberdefenses, noting the collaboration among stakeholders, including CBIA, in developing the measure.
"Too many businesses underestimate this threat and do not have the tools to bolster their defenses," she said.
"According to a 2018 CBIA survey, nearly one-quarter of Connecticut businesses experienced a data breach or cyberattack in the previous two years. And 90% of those were small businesses with less than 100 employees.
"This legislation is critical for protecting our most vulnerable industries from the increasing threat of cyberattacks."
Committee ranking member Rep. William Buckbee (R-New Milford) told fellow lawmakers "data breaches are far too dangerous and this bill does so much to protect consumers and businesses."
The bill will now heads to the governor’s desk for his signature.