The state House is expected to act soon on legislation incentivizing businesses to adopt recognized cybersecurity standards.

HB 6607 allows businesses that implement defined cybersecurity frameworks to plead an affirmative defense if they experience a data breach of personal or restricted information.

The legislature's Judiciary Committee approved the bill last month, after it won earlier approval from the Commerce Committee.

The FBI’s Internet Crime Complaint Center received 791,790 claims with reported losses exceeding $4.1 billion last year, an increase of more than 300,000 complaints compared to 2019.

Those complaints included phishing scams, compromised emails, extortion and ransomware.

CBIA testified in support of HB 6607, noting that it provides further incentives for companies to invest in cybersecurity compliance, which is becoming increasingly critical as businesses shift to a remote and digitally centered world.

Investing in cybersecurity can be an expensive decision that requires a company to dedicate time, staffing, and financial resources in order to be successful, and this bill creates a straightforward return on investment through the creation of an affirmative defense.

The frameworks laid out in the bill are all widely recognized, and include standards set by the National Institute of Standards and Technology, Center for Internet Security, the International Organization for Standardization, and the International Electrotechnical Commission.


For more information, contact CBIA's Ashley Zane (860.244.1169) | @AshleyZane9.