Connecticut House Bill 6607 is an act incentivizing the adoption of cybersecurity standards for businesses. The bill establishes legal protections for organizations that voluntarily adopt certain recognized cybersecurity best practices and implement a written information security program.
John McGloughlin, CEO of GuardSight, indicated in his written testimony that HB 6607 provides a positive way of protecting information rather than imposing fines on businesses. “House Bill 6607 provides an affirmative defense to businesses that adopt a prescribed Cybersecurity program to protect personal information and are subject to a tort claiming an alleged failure to implement reasonable Cybersecurity controls that resulted in a data breach.”
“Small to medium-sized businesses (SMBs) are the most vulnerable and frequently represent an attractive “soft target” opportunity for cybercriminals. The SMB victim of a significant Cyberattack often experiences extreme monetary ruin and is frequently shuttered completely. In some instances, the SMB supplies a conduit for access by the Cybercriminal into the large “hard target” businesses through the supply chain, resulting in everything from large-scale theft to espionage to danger to citizens themselves.”
McGloughlin states that HB 6607 is a step in the right direction. It encourages improvements to cyber hygiene and posture using practical and reliable standards, making companies of all sizes less vulnerable to attack, thereby protecting assets, critical infrastructure, intellectual property, consumer data, and national secrets.