As cybersecurity incidents, such as the Equifax data breach, continue to occur, states are beginning to recognize the need to impose cybersecurity requirements on companies in order to protect the personal information of individuals resident in the state.
Many states’ cybersecurity laws have traditionally been focused on penalizing hackers and cybercriminals for criminal behavior. However, over the past 24 months state lawmakers have shifted focus from the criminals to the companies responsible for data and digital assets they collect. Most notably, regulatory guidance that requires companies implement and maintain a host of cybersecurity policies and procedures aimed at reducing information security risk.
In this whitepaper, we have prepared a summary of eleven states with the most significant laws to-date.