The state House unanimously passed legislation May 20 that incentivizes businesses to adopt recognized cybersecurity standards.

HB 6607 promotes the adoption of defined cybersecurity frameworks by preventing a company from being liable for punitive damages in the event of a data breach. 

Commerce Committee co-chair Rep. Caroline Simmons speaks before the House vote on HB 6607.

The frameworks are well recognized by the cybersecurity community, including the National Institute of Standards and Technology, Center for Internet Security, the International Organization for Standardization, and the International Electrotechnical Commission.

CBIA supported the bill, noting it provides further incentives for companies to invest in cybersecurity compliance, which is becoming increasingly critical as businesses shift to a remote and electronic centered world.


Rep. Caroline Simmons (D-Stamford), co-chair of the legislature's Commerce Committee, said the bill bolsters the state's cyberdefenses, noting the collaboration among stakeholders, including CBIA, in developing the measure.

"Too many businesses underestimate this threat and do not have the tools to bolster their defenses," she said.

"According to a 2018 CBIA survey, nearly one-quarter of Connecticut businesses experienced a data breach or cyberattack in the previous two years. And 90% of those were small businesses with less than 100 employees.

"This legislation is critical for protecting our most vulnerable industries from the increasing threat of cyberattacks."

Committee ranking member Rep. William Buckbee (R-New Milford) told fellow lawmakers "data breaches are far too dangerous and this bill does so much to protect consumers and businesses."

The bill now moves to the state Senate.