New Connecticut law creates liability protections for businesses implementing recognized cyber frameworks

July 14, 2021

Inside Cybersecurity

Connecticut Gov. Ned Lamont (D) has signed into law a measure that creates new incentives for businesses to employ “reasonable cybersecurity controls,” including protection from punitive damages.

“The bill, introduced by Representative Caroline Simmons, prohibits the Superior Court from assessing punitive damages against an organization that implements reasonable cybersecurity controls, including industry recognized cybersecurity frameworks such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and the CIS Controls,” according to a release by the Center for Internet Security, which maintains the CIS controls.