Hold the punitive damages: Connecticut is latest to incentivize implementing cybersecurity frameworks

Connecticut’s new cybersecurity standards law, which goes into effect on October 1, 2021, protects companies from punitive damages in certain data breach actions where an organization has a cybersecurity program that conforms with an enumerated “industry-recognized cybersecurity framework.” It is the latest in a series of U.S. state efforts to incentivize companies to demonstrate that their cybersecurity programs are aligned with recognized frameworks and thus meet a reasonable standard of care. SOURCE