New cybersecurity law in effect


South Carolina became the first state in the U.S. to pass HB 4655, a law requiring insurers to establish a “strong and aggressive” cyber program to protect companies and their clients from data breaches. Effective January 1, 2019, the law creates rules for insurers, agents and other licensed entities covering data security, including maintaining an information security program based on ongoing risk assessment, detection, investigation and notification of breaches, and notifying regulators should a cyber event occur.

Forty-two states currently have laws, bills or resolutions regarding cybersecurity. Many businesses do not realize they fall under these requirements even if they do not maintain protected data that would require compliance with other mandates, such as Payment Card Industry (PCI), HIPAA for healthcare, or GDPR for protecting data of EU citizens.

So how do we help businesses determine which mandate(s) apply to them, whether they are meeting the requirements, and if not, how they can become compliant?

Typically, an initial consultation to confirm the cyber requirements starts with:

  • Where is the business located?
  • Where does the organization do business?
  • What type(s) of data are processed?

Once the requirements have been established, a gap assessment can be performed to verify compliance. For any areas found non-compliant, the auditor can either provide a valid reason why the control does not apply, or make a recommendation for how best to meet the requirement given the organization’s risk.

 

 

Foresite admin