State-by-State Breakdown of Cybersecurity Legislation

As cybersecurity incidents, such as the Equifax data breach, continue to occur, states are beginning to recognize the need to impose cybersecurity requirements on companies in order to protect the personal information of individuals resident in the state.

Many states’ cybersecurity laws have traditionally been focused on penalizing hackers and cybercriminals for criminal behavior. However, over the past 24 months state lawmakers have shifted focus from the criminals to the companies responsible for data and digital assets they collect. Most notably, regulatory guidance that requires companies implement and maintain a host of cybersecurity policies and procedures aimed at reducing information security risk.

In this whitepaper, we have prepared a summary of eleven states with the most significant laws to-date.

Request Whitepaper

Philip Brudney

Philip leads Security, Privacy, and Compliance research and quality assurance at risk3sixty. He oversees privacy and attestation reporting and is the co-quality assurance manager for the assurance practice where he is responsible for ensuring each engagement meets risk3sixty’s rigorous quality standards in line with AICPA requirements. Phil leads development and peer review of thought leadership, research, and whitepapers. In addition, Phil acts as the Data Protection Officer (DPO) for a wide array of US based firms facing GDPR compliance.