Gov. Ned Lamont signed legislation July 6 that incentivizes businesses to adopt standard cybersecurity frameworks.
Lamont signed HB 6607, which promotes cybersecurity best practices by preventing a company from being held liable for punitive damages in the event of a data breach.
The bill passed both the state House and Senate unanimously during the legislative session.
The defined standards well recognized in the cybersecurity community and include frameworks developed by the National Institute of Standards and Technology, Center for Internet Security, and the International Organization for Standardization and the International Electrotechnical Commission.
CBIA testified in support of the bill, noting the incentives for companies to invest in cybersecurity compliance, which is becoming increasingly critical as businesses shift to a remote and electronic centered world.
CBIA's Ashley Zane told the state legislature's Commerce Committee earlier this year that the bill allows a business that experiences a data breach of personal or restricted information, to plead an affirmative defense if that company has adopted a recongized cybersecurity standards.
"This bill parallels the Department of Homeland Security Safety Act which was designed to protect suppliers of technologies and services focused on anti-terrorism and cybersecurity," she said.
"Investing in cybersecurity is an expensive decision that requires a company to dedicate time, staffing, and financial resources to be successful."