Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

May 25, 2021

CT House passes bill that would shield businesses from cyber hack liability 

madartzgraphics via Pixabay
By Sean Teehan

Representatives in Connecticut's state House unanimously approved a bill that would create a lawsuit shield for businesses that adopt cybersecurity measures.

The bill, which will now move to the state Senate, encourages companies to adopt cybersecurity frameworks prescribed by nationally-recognized organizations like the National Institute of Standards and Technology (NIST). If passed, it would shield companies that enacted such policies from legal liability if their customers’ data is exposed in a cyberattack.

"I was proud to see unanimous bipartisan support of this bill, which only works to protect Connecticut’s infrastructure, utilities, businesses, hospitals, schools, and consumers," said Rep. Caroline Simmons (D-Stamford), who introduced the bill.

Amid a pandemic that forced people to increasingly rely on cyber options for remote communication and transactions, cybersecurity has emerged as an increasingly potent concern. 

The FBI’s Internet Crime Complaint Center recently said it received a record number of cybersecurity complaints from Americans last year (791,790) with reported losses exceeding $4.1 billion. It was an increase of more than 300,000 complaints compared to 2019. Problems ranged from phishing scams to compromised emails, extortion and ransomware. And that was before the Colonial Pipeline ransomware attack that created fuel shortages in parts of the U.S.

The proposed legislation in Connecticut addresses the issue of private-sector cyber breaches on two fronts. It instructs businesses on how they can avoid getting hacked in the first place, and provides some protection from lawsuits to responsible businesses that are breached.

The bill lists several different established cybersecurity frameworks that experts recognize as effective. The NIST standards, for example, involve identifying what data could be vulnerable, safeguarding data and systems, and remaining vigilant of anomalies in computer systems to detect a cyberattack as quickly as possible.

If the bill passes, businesses that conform to one of the frameworks would be able to use that compliance as an affirmative defense in state courts. That means a company sued over a cyberattack in Connecticut courts could escape legal liability if it proves its cyber practices meet the standards the law prescribes.
 

Sign up for Enews

Most Recent

Most Recent

0 Comments

Order a PDF