Issue link: https://nebusinessmedia.uberflip.com/i/1543980
26 HARTFORDBUSINESS.COM | MARCH 23, 2026 HARTFORDBUSINESS.COM | MARCH 23, 2026 29 Opinion & Commentary EDITOR'S TAKE Fast-tracked legislation weakens good governance I n business, rushing a major deci- sion can often lead to poor results. The same principle should apply in government. Yet in recent years, Connecticut lawmakers have increas- ingly relied on fast-tracked legislation, emergency-certified bills or special sessions to pass complex policies with limited debate. That approach may move legislation quickly, but it often comes at the expense of transparency, scru- tiny and ultimately good governance. The most striking example is the ongoing saga surrounding the proposed sale of Aquarion Water Co., the state's largest water utility. The $2.4 billion transaction between Eversource and the newly formed Aquarion Water Authority traces back to a law passed during a 2024 special legislative session that allowed the South Central Connecticut Regional Water Authority to pursue the deal. That legislation moved quickly through the Capitol and received little public scrutiny at the time. Today, the consequences of that rushed process are still playing out. The deal has become entangled in legal challenges, regulatory reviews and growing political opposition. The Public Utilities Regulatory Authority initially rejected the transaction last year, citing governance concerns and potential risks to consumers. But a court later overturned PURA's denial, finding that the regulator had overstepped its authority in blocking governance structures that were explic- itly allowed under the 2024 law passed by the legislature. Then, earlier this month, PURA reversed course and preliminarily approved the sale despite continuing concerns about governance and poten- tial costs to ratepayers, concluding that the statutory framework created by the legislature leaves the agency without sufficient grounds to deny the deal. A final decision is scheduled for March 25. Meanwhile, lawmakers have floated new legislation that attempts to revisit or modify the very framework they created less than two years ago. That kind of legislative whiplash is exactly what can happen when complex policy decisions are rushed through the Capitol without a thorough vetting process. The Aquarion situation is not the only recent example. Last year, lawmakers passed a sweeping housing reform bill during a special session after Gov. Ned Lamont vetoed an earlier version of the legislation. Housing policy is one of the most complicated and politically sensitive issues facing Connecticut, touching everything from zoning laws to municipal finances. Yet the revised bill was pushed through during a two-day special session — limiting the time available for public review and input. Regardless of where one stands on the merits of the policy, major struc- tural changes to Connecticut's housing system should not be rushed through under compressed timelines. The same concern applies to the legislature's recent use of emergency-certified bills. In late February, Democratic lawmakers approved two such measures, including a sweeping, nearly 100-section bill covering a wide range of topics, from earmarks for specific organizations to warehouse worker regulations that had already been the subject of heated debate. Emergency-certified legislation bypasses the normal committee process and avoids public hearings. It is meant for situations that require immediate action. But many of the provisions included in that bill clearly did not meet that standard. Even Gov. Lamont raised concerns about the process, using his line-item veto authority to remove several earmarks from the measure and writing that his objection was not to the programs themselves, but to how the legislation moved through the Capitol. Emergency bills and special sessions should be reserved for true crises — natural disasters, fiscal emergencies or urgent public safety threats. They should not become routine tools for advancing complicated or controversial policy. Connecticut's legislature has been dominated by one party for many years. That reality makes the need for strong internal checks even more important. When political competition is limited, the legislative process itself must serve as the guardrail. Good governance takes time. And when it comes to public policy, getting it right should matter far more than getting it done quickly. EXPERT'S CORNER 10 tips for lowering your cyber insurance premium By Chris Wisneski I n 2026, businesses and nonprofit organizations are increasingly at risk of cyberattacks that can lead to very costly breaches. Even a single incident can have severe consequences. In fact, the average cost of a data breach can exceed $4 million. For small and medium organi- zations, responding to a security breach usually costs more than $100,000. Cyber insurance companies are raising their minimum require- ments for coverage. Many now scan customer networks for vulnerabilities and require controls like multi-factor authentication and security awareness training to qualify for a policy. The good news is, you can take steps to lower your cyber insurance costs and get more value from your policy. Here's how you can lower your cyber insurance rates before you start shop- ping for coverage. 1. Multi-factor authentication A very effective way to lower cyber insurance costs is to use multi-factor authentication on all email and high-ac- cess accounts. MFA adds another layer of security by asking users to confirm their identity. MFA improves security by asking for two or more types of identity checks: something you know, like a password; something you have, like a token; or something you are, like a fingerprint. 2. Password managers Using a password manager is another good way to lower cyber insurance costs. Password managers create strong, unique passwords for every account and keep them safe in an encrypted vault. Since most people have many pass- words to remember, password managers also make daily work easier and help prevent frustration from forgotten logins. 3. Train your employees Studies show that over 90% of security breaches happen because of human error. That's why security awareness training is so important for reducing risk. Security awareness training teaches employees how to spot phishing emails, make strong passwords and protect sensitive information. When your employees protect data well, your organization is less risky to insurers. By 2026, security awareness training is a required best practice and should be part of your main security controls. 4. Software updates It's essential to keep your software up to date. Updates often include secu- rity patches that protect your systems from new threats. Make sure you have an automated patch management system that covers your operating systems, third-party apps and network devices like firewalls. Cyber- criminals often go after organizations that don't keep their systems updated. 5. Cybersecurity tools Investing in cybersecurity tools is another critical step. These tools may include firewalls, antivirus software, application whitelisting, intrusion detection and prevention systems, and managed detection and response solutions. 6. Incident response plan An incident response plan is a key part of any security program. It explains what your organization will do if there's a cyberattack or data breach. Having a written plan helps limit damage and lowers the overall impact and cost of an incident. 7. Continuity planning and image-based backup solutions Business continuity and disaster recovery plans are important parts of a strong security program. They help you recover systems and data quickly after a breach or disruption. Modern backup plans should use image-based backups, which save full system images for faster and more complete recovery. Use both local and cloud backups for the best protection. 8. Monitor your systems Monitoring your systems helps you spot threats, vulnerabilities and outages as they happen. Check logs and activity often to catch unusual behavior early. Active monitoring can stop small problems from turning into expensive security incidents and can mean the difference between a quick fix and major financial or legal trouble. 9. Be proactive Taking action early is one of the best ways to lower your cyber insurance premium and avoid surprise costs. When you lower your risk now, you can get lower premiums and are less likely to have future claims that raise your rates. 10. Consider a cybersecurity assessment A professional assessment can help you understand your risks, strengthen your defenses and better prepare for today's cyber insurance requirements. Chris Wisneski is an IT security and assurance services manager at Hart- ford-based accounting and consulting firm Whittlesey. Greg Bordonaro Chris Wisneski