Overview
The risk of cyberattacks remains high for government and businesses in 2022, influenced by vulnerabilities caused by remote work, an increasing reliance on e-commerce, and more sophisticated bad actors. The war in Ukraine and economic sanctions against Russia also prompted serious concerns about an increased potential for malicious cyber activity.
Cyberattacks disrupted unemployment benefits in several states and ransomware attacks continue to shut down operations or impose huge costs on government, schools and colleges and businesses.
State legislatures focusing on cybersecurity concerns in many ways in 2022, as detailed below.
2022 Introductions and Enactments
At least 40 states and Puerto Rico introduced or considered more than 250 bills or resolutions that deal significantly with cybersecurity. Twenty-four states enacted at least 41 bills in 2022 so far, as indicated in boldface in the list below. The most common enactments in 2022 will:
Other NCSL resources address related topics such as security breach laws and legislation, privacy and other issues.
Alaska
AK HB 3
Status: Enacted
Includes cybersecurity incidents in the definition of disaster.
Arizona
AZ HB 2145
Status: Failed
Relates to governmental entities, relates to ransomware payment, relates to prohibition.
AZ HB 2584
Status: Failed
Provides that the Arizona Department of Homeland Security shall secure through a competitive bidding process an enterprise license for use by agencies of the state for security software that will integrate security into the development process and scan software code in development, production and postproduction to detect and improve security threats through specified methods, makes an appropriation.
AZ HB 2690
Status: Failed
Relates to cybersecurity risk, relates to insurance.
AZ SB 1457
Status: Failed
Relates to voting, relates to equipment, relates to internet, relates to custody, relates to violation.
AZ SB 1465
Status: Failed
Relates to voting equipment, relates to requirements, relates to records, relates to origin.
AZ SB 1598
Status: Enacted
Relates to information technology, relates to security, relates to office, relates to State Department of Homeland Security, provides power and duties of the department, defines terms, relates to suspension of budget unit's information infrastructure.
AZ SB 1642
Status: Failed
Relates to election management systems, relates to security.
Michigan
MI HB 5036
Status: Enacted
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website to House Communications and Technology Committee.
MI SB 520
Status: Pending
Provides technology, management, and budget department to create resources concerning digital literacy and cyber safety on public website.
MI SB 672
Status: Pending
Provides for an affirmative defense for covered entities with cybersecurity programs under certain circumstances.
New Jersey
NJ AB 493
Status: Pending
Requires public agencies report cybersecurity incidents to New Jersey Office of Homeland Security and Preparedness.
NJ AB 1450
Status: Pending
Concerns information security standards and guidelines for state and local government.
NJ AB 1671
Status: Pending
Requires state, county, and municipal employees and certain state contractors to complete cybersecurity awareness training.
NJ AB 1703
Status: Pending
Requires certain persons and business entities to maintain comprehensive information security program.
NJ AB 1848
Status: Pending
Requires state employees to receive best cybersecurity practices.
NJ AB 1962
Status: Pending
Directs state Cybersecurity and Communications Integration Cell, Office of Information Technology, and state Big Data Alliance to develop advanced cyberinfrastucture strategic plan.
NJ AB 1979
Status: Pending
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents.
NJ AB 1980
Status: Pending
Establishes cybersecurity employment grant program for qualified businesses, appropriates funds.
NJ AB 1981
Status: Pending
Requires businesses in financial, essential infrastructure, and health care industries to develop cybersecurity plans.
NJ AB 1982
Status: Pending
Requires instruction on cybersecurity in grades nine through 12, requires Office of Secretary of Higher Education to develop cybersecurity model curricula, establishes loan redemption programs for individuals in certain cybersecurity occupations.
NJ AB 1983
Status: Pending
Requires municipalities, counties, and school districts to report cybersecurity incidents, provides for reimbursement.
NJ AB 3379
Status: Pending
Requires public institutions of higher education to establish plans concerning cyber security and prevention of cyber attacks.
NJ AB 4013
Status: Pending
Requires each principal department in Executive Branch and each State college to conduct review of department's or college's cybersecurity infrastructure and make recommendations.
NJ AB 4050
Status: Pending
Provides protections for social media users, creates private cause of action for social media users whose accounts have been hacked and not restored by social media websites under certain circumstances.
NJ AB 4184
Status: Pending
Requires shared service incentive programs to allow hiring of information technology and cyber security professionals.
NJ AB 4444
Status: Pending
Requires certain persons and business entities to maintain comprehensive information security program.
NJ AJR 66
Status: Pending
Establishes state Cybersecurity Task Force.
NJ AJR 119
Status: Pending
Designates October of each year as Cyber Security Awareness Month.
NJ SB 297
Status: Pending
Provides that every public agency and government contractor shall report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness, provides that the report shall be made within a specified number of hours of when the public agency or government contractor reasonably believes that a cybersecurity incident has occurred.
NJ SB 423
Status: Pending
Directs the state Cybersecurity and Communications Integration Cell, Office of Information Technology, and the State Big Data Alliance to develop an advanced cyber infrastructure strategic plan.
NJ SB 484
Status: Pending
Requires each government entity in the state to conduct review of cybersecurity infrastructure and make recommendations.
NJ SB 1860
Status: Pending
Creates affirmative defense for certain breaches of security.
NJ SB 2827
Status: Pending
Requires shared service incentive programs to allow hiring of information technology and cyber security professionals.
NJ SJR 12
Status: Pending
Establishes State Cybersecurity Task Force.
We are the nation’s most respected bipartisan organization providing states support, ideas, connections and a strong voice on Capitol Hill.
7700 East First Place
Denver, CO 80230
Tel: 303-364-7700 | Fax: 303-364-7800
444 North Capitol Street, N.W., Suite 515
Washington, D.C. 20001
Tel: 202-624-5400 | Fax: 202-737-1069