Are states ill-equipped to manage cybersecurity?

Report: State legislatures taking cyber seriously

With cyberattacks increasing in frequency and complexity, state legislators are stepping up security requirements, according to recent report from Edgile, a cyber risk and regulatory compliance firm.

In 2017, 240 bills and resolutions related to cybersecurity were introduced across 42 states -- more than double the number in 2016 -- and at least 27 states enacted related legislation. Bills and resolutions introduced in 2017 included the targeting of computer crimes, restricting public disclosure of sensitive data and the implementation of workforce security training.

Besides introducing legislation, Illinois, Massachusetts and Washington filed actions against Equifax and Uber based on violations of state and local information protection laws.

As states ramp up legislation, actions by federal agencies suggested "a measure of relaxation of enforcement authority in areas impacting consumer information privacy and security," the company said, citing the repeal of net neutrality and changes at the Consumer Financial Protection Bureau.

“Where the Federal government has either failed to implement uniform legislation addressing personal information privacy issues, or has retreated from regulatory enforcement of existing privacy protections, states have moved to fill the void by enacting their own legislation and strengthening enforcement efforts to protect the privacy interests of their citizens,” Edgile Partner David Deckter said.

Another recent report on the states most at risk found that the cybercrime complaints and estimated losses for 2018 roughly correspond to state population, but Michigan – the 10th most populous state --  ranked fourth in estimated number of cybercrime complaints for 2018 and was expected to have the most complaints per 100,000 residents.

The average yearly growth in the number of complaints is highest in Florida, with more than 1,421 additional complaints each year on average.  New York, by contrast, has reduced its cybercrime complaints by around 349 each year, even though complaints there are the most expensive -- each reported cybercrime costs victims $7,149 on average.


Charter Sponsors