Cyber threat trends in 2022 indicate everyone’s data is under a bigger threat than ever before. Of companies worldwide, 64 percent have experienced at least one form of cyber-attack and six in every ten attacks intended to extort money from companies and individuals.
U.S. state government databases hold a vast amount of data about citizens – data that hackers find irresistible – including tax and financial information, Social Security numbers, and driver’s license information.
All states have security measures in place to protect data and systems, but at least 35 states enacted new cyber security legislation bills in 2021 alone. For the most up-to-date information, please click HERE.
Among the bills enacted, about half the states provide for strengthened security measures to protect government resources. For example:
- Several states require government entities to destroy or dispose of personal information so it is unreadable or indecipherable. In addition, at least 24 states also have data security laws that apply to private entities.
- An increasing number of state laws require specific measures to protect sensitive information from unauthorized access, destruction, use, modification, or disclosure.
- Other state and federal laws address the security of health care data, financial or credit information, social security numbers or other specific types of data.
Often, a state’s regulations define and control the way that companies collect, store, and process data. For example, the laws of several states are modeled after the California Consumer Privacy Act (CCPA) that allows any California consumer to demand to see all information a company has saved on them, as well as a full list of all the third parties that data is shared with. Additionally, the law allows consumers to sue companies if the privacy guidelines are violated – even if there is no breach.
New policy questions about data privacy have state lawmakers addressing an array of issues arising from online activities. California is one of several states across the country that signed new, comprehensive privacy laws, but many more states will pass and likely enact their own privacy laws this year. Another great resource to track US State Privacy Legislation can be found HERE.
Proactive Defense is Key
Abiding by data security and privacy protocols not only protects one’s company from legal challenge, but it can also mean one’s company, employees and customers are less likely to fall victim to a cyberattack.
Organizations are strongly encouraged to continue:
- monitoring the increasing obligations governing state privacy and data security rules,
- learning how each state’s rules apply,
- patching all systems regularly to limit risk exposure,
- practicing response plans in the event of a cyber-attack,
- investing in strong cyber security training for employees,
- understanding the numerous cyber risks and attack trends, and
- managing their compliance to minimize company exposure.
If you would like to discuss this topic further, please contact Greg Keith, NEI Chief Information Officer.