If Passed, New Bill AB 2320 Will Mandate Cyber Insurance For State Government Contractors

Newmeyer Dillion

Earlier this year, Assemblyman Edwin Chau (D-Monterey Park) introduced Assembly Bill 2320. AB 2320, if passed, would require any business that contracts with the state and has access to records containing personal information protected under the state’s Information Practices Act (IPA) to maintain cyber insurance coverage. Information covered under the IPA includes names, social security numbers, physical descriptions, home addresses, home telephone numbers, education, financial matters, and medical or employment history. Requiring contractors to maintain cyber insurance will likely both shift the costs of cyberattacks from taxpayers to the private sector and encourage robust cybersecurity practices among businesses of all sizes. While the bill has not yet passed, businesses will be best served by implementing and improving cybersecurity practices now in order to attain the lowest premium rates in the future.

Incentivizing Best Practices

With the adoption of AB 2320, businesses will be incentivized to increase their security posture in order to receive lower premiums from insurers. Simultaneously, insurers will be incentivized to mandate best practices from their insureds in order to mitigate their risk of having to pay out on cyber insurance policies. Thus, cyber insurance will work as a vehicle to increase best practices in businesses and subsequently decrease vulnerabilities to cyberattacks.

Shifting Costs to Private Sector

Cyberattacks have become more frequent and are increasingly expensive. On average, cyber incidents cost $200,000, according to insurance carrier Hiscox. Small businesses take the biggest hit, as 60% of affected businesses go out of business within six months. If these small businesses are required to maintain cyber insurance, the cost of these cyber incidents shifts to the insurer, reducing the number of small businesses that will be bankrupted by cyberattacks.

What Can You Do?

In order to best protect your business and also ensure you receive the lowest premiums from insurers, it is important to maintain the best cybersecurity practices possible. Newmeyer Dillion recommends the following practices to protect your business from cyber threats:

  • Develop a risk assessment process to identify and mitigate cybersecurity risks
  • Adopt and implement policies and procedures regarding identified risks
  • Implement updated controls to determine appropriate users for the organization's systems
  • Establish policies and procedures for mobile device use and implement security measures for internal and external users
  • Establish a vendor management program to ensure that vendors meet your organization's security requirements
  • Train staff to implement established cybersecurity policies

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Newmeyer Dillion | Attorney Advertising
