Earlier this year, Assemblyman Edwin Chau (D-Monterey Park) introduced Assembly Bill 2320. AB 2320, if passed, would require any business that contracts with the state and has access to records containing personal information protected under the state’s Information Practices Act (IPA) to maintain cyber insurance coverage. Information covered under the IPA includes names, Social Security numbers, physical descriptions, home addresses, home telephone numbers, education, financial matters, and medical or employment history. Requiring contractors to maintain cyber insurance will likely both shift the costs of cyberattacks from taxpayers to the private sector and encourage robust cybersecurity practices among businesses of all sizes. While the bill has not yet passed, businesses will be best served by implementing and improving cybersecurity practices now in order to attain the lowest premium rates in the future.
Incentivizing Best Practices
With the adoption of AB 2320, businesses will be incentivized to improve their security posture in order to receive lower premiums from insurers. Simultaneously, insurers will be incentivized to require best practices of their insureds in order to mitigate their risk of having to pay out on cyber insurance policies. Thus, cyber insurance will work as a vehicle to promote best practices among businesses and subsequently decrease vulnerabilities to cyberattacks.