x
Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
×
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Why CIS

Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world



About Us Leadership Principles Testimonials

Solutions

secure your organization
Secure Your Organization


secure specific platforms
Secure Specific Platforms


cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments


View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities



CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers

Resources

resources
Resources


learn
Learn


filter by topic
Filter by Topic


View All Resources  
CIS Logo Show Search Expand Menu

Hold the punitive damages: Connecticut is latest to incentivize implementing cybersecurity frameworks

October 1, 2021

JDSupra

The Connecticut law, An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses, creates a “safe harbor” from punitive damages for businesses in tort cases where a data breach stemmed from an alleged failure to implement reasonable cybersecurity controls.  To benefit from the law, the business must have adopted one of six named industry frameworks (plus a seventh where payment card information is involved) or conform with the requirements of one of three federal legal frameworks.  This protection does not apply where “such failure to implement reasonable controls was the result of gross negligence or willful or wanton conduct.”