Governor Lamont Signs Legislation Strengthening Cybersecurity in the Private Sector, Announces Historic Investment for the Public Sector
(STORRS, CT) – Governor Ned Lamont today held a bill signing ceremony at the UConn Tech Park in Storrs to commemorate the adoption of legislation that incentivizes businesses to adopt and adhere to cybersecurity standards
Supported by the state’s business community, the legislation protects businesses from punitive damages if personal or restricted information is improperly accessed, maintained, communicated, or processed, so long as such businesses have adopted and adhered to appropriate cybersecurity measures. It does not diminish other important legal rights and actions that individuals and businesses can take after a cyber breach.
The legislation is Public Act 21-119, An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses. It goes into effect on October 1, 2021.
During today’s ceremony, Governor Lamont also announced an $11 million investment to support the State of Connecticut’s enhanced cybersecurity efforts, with an initial $8.2 million on the agenda for the State Bond Commission at its upcoming meeting.
“This bipartisan bill is just another reason Connecticut is becoming a better place to do business every day,” Governor Lamont said. “Bills like this one meet two important goals – ensuring that our state is operating in the most business friendly ways, and also improving the security of consumers’ data. Further, the state’s investments in cybersecurity and the hiring of our first Chief Information Security Officer will help the state improve its cybersecurity posture, which will improve the resilience of state services and protect our residents and businesses.”
“Technology is improving the world around us for both businesses and individuals, but it comes with its own risks,” Josh Geballe, commissioner of the Department of Administrative Services and the state’s chief operating officer, said. “Under Governor Lamont’s leadership, we are modernizing and centralizing our technology systems in ways that not only improve the quality of the services we provide but also makes them more secure. Everyday businesses and governments alike battle with hackers and criminals, and these types of investments will help us deploy additional cybersecurity processes and technology to strengthen our defenses.”
“Trust and security are at the heart of the relationship between businesses, residents, and their digital government,” Mark Raymond, Connecticut’s chief information officer, said. “We are delivering on Governor Lamont’s vision of an all-digital government by raising our skills and deploying technology in ways that build confidence of the people we serve.”
“Investing in cybersecurity is an expensive decision that requires a company to dedicate time, staffing, and financial resources to be successful,” Eric Gjede, vice president of government affairs for the Connecticut Business and Industry Association (CBIA) said. “This legislation is critical for protecting our most vulnerable industries from the increasing threat of cyberattacks.”
“Cybersecurity readiness and adapting to new and evolving threats is imperative to the sustainability of all businesses, particularly defense contractors, who are held to high compliance standards,” Beatriz Gutierrez, president and CEO of CONNSTEP, which supports small and medium-sized manufacturers throughout Connecticut, said.
“Cybersecurity is an area of critical importance to Connecticut and the nation, and we want to extend our thanks to Governor Lamont for his leadership in this key policy area,” UConn Interim President Dr. Andrew Agwunobi said. “As a public university, UConn has a vital role to play in the innovation and development of new methods of data detection, protection, and recovery. On behalf of the entire university, it is an honor to partner with the state and its private industries in our shared goals of enhancing Connecticut’s cybersecurity infrastructure.”
Earlier this year, Governor Lamont announced the launch of a year-long process of building a new information technology organization within state government that will centralize the coordination of the state’s IT resources by the Department of Administrative Services, which includes the creation of Connecticut’s first Chief Information Security Officer, a position that has been filled by Jeff Brown. That process will establish an organization capable of delivering modern IT solutions to support state agencies and the public.
“Across the globe, cybersecurity risks continue to rise,” Brown said. “Connecticut is investing in cybersecurity and technology in new ways to protect our residents and businesses. We are bringing our statewide information technology team together into one, collaborative organization that will help us identify and deter cybersecurity incidents faster, bring everyone onto streamlined platforms, and ultimately protect more private information.”