Issue link: https://nebusinessmedia.uberflip.com/i/1507605
30 HARTFORDBUSINESS.COM | SEPTEMBER 18, 2023 FOCUS: ACCOUNTING IMAGE | PIXABAY/GERALT Employer shield law boosts cybersecurity interest amid high-profile attacks, litigation By Michelle Tuccitto Sullo msullo@hartfordbusiness.com C ybercriminals in recent months have launched attacks against several Connecticut employers in an attempt to make money, from the city of New Haven to the owner of three local hospitals. Meanwhile, several lawsuits have been filed in recent months over past attacks, not against the unknown perpetrators, but against the targets that have been breached, from healthcare providers to banks and insurers. In the two years since Connecticut lawmakers created some legal protections for businesses that adopt accepted cybersecurity standards, companies large and small have worked to boost their computer and network security, experts said. The legislation, which went into effect in October 2021, protects businesses from punitive damages in the case of a data breach where personal or restricted information is accessed, as long as companies have adopted and adhered to appro- priate cybersecurity measures. Businesses and other organizations have sought to make their networks impenetrable to hackers — not only to prevent cyber attackers from gaining access, but also to protect themselves from potential litigation if individuals' private information is accessed, experts said. Ashley Zane, a lobbyist with the Connecticut Business & Industry Association, said her organization has seen a "huge focus on cybersecurity" following the law's passage. The manufacturing industry in particular has been looking to improve cybersecurity, especially businesses that are suppliers to major Connecticut defense compa- nies, like Sikorsky and Electric Boat, Zane said. "There's been a huge focus on those small to midsize companies to upgrade their cybersecurity, because one way for a cybercriminal to get at a Sikorsky or a Pratt & Whitney is through one of the smaller compa- nies," Zane said. Punitive damages The Federal Bureau of Investi- gation's Internet Crime Complaint Center received 800,944 complaints last year, with cybercrime losses exceeding $10.3 billion, according to the FBI's 2022 Internet Crime Report. Chris Wisneski, manager of IT security and assurance services with accounting and consulting firm Whittlesey, said he's seen a "huge increase" since the 2021 law's passage of businesses seeking to improve their cybersecurity to meet industry-recognized standards. It ranges from credit unions to nonprofits and schools, from very small businesses to large ones, he said. His firm recently helped a nonprofit with just four employees and a law firm with two. "We're seeing all size organizations just really pick up on this and realize this is a must, that they have to do this," Wisneski said. "By (lawmakers) putting that law in place, it has certainly prompted companies to take cybersecurity a little more seriously, especially with the protection from punitive damages." Michael Grande, president and CEO of Vancord, a Milford- based cybersecurity services provider, said the law has prompted businesses to make cyber upgrades. For many organizations, however, the biggest motivator for making cybersecurity enhancements has been related to their ability to obtain cyber liability insurance, as carriers often insist on a security program, Grande said. The incentive of securing lower premiums has also been a factor, he added. Sherwin M. Yoder, an attorney who leads the privacy and data security practice at law firm Carmody Torrance Sandak & Hennessey, said he's seen more interest from businesses calling his firm about cybersecurity. Michael Grande Sherwin Yoder Chris Wisneski Ashley Zane