When we examine where the dragons be in cyber litigation, you’ll start to realize that there are safer, deeper ports in which to anchor. And those are just about every state in the Union and every federal agency that has cybersecurity regulations where “reasonability” is the standard of care.
On Sept. 1, 2025, Texas will begin providing safe harbor to small companies who suffer data breaches. See, Texas S.B. No. 2610. They will be the sixth state to do so, depending on what you consider “safe harbor” to be. Each state has its own way to offer it.
The new Texas law states that a breached company is sheltered from “exemplary damages,” (punitive damages), when they “conform to an industry-recognized cybersecurity framework.”
By Chris Cronin
