In December 2024, Utah Business highlighted the impact of House Bill 80 (HB80), the Cybersecurity Affirmative Defense Act, enacted during Utah’s 2021 Legislative Session. This legislation offers businesses an affirmative defense against lawsuits following a security breach, provided they can demonstrate adherence to established cybersecurity frameworks, such as those from the National Institute of Standards and Technology (NIST).
John Pohlman, Director of Information Security Services here at Tanner LLC, praised HB80 as “probably the best piece of legislation I’ve seen the state legislature put out.” He emphasized that the law incentivizes organizations to invest in cybersecurity by offering legal protections rather than imposing penalties. Pohlman noted that compliance is accessible, with businesses needing to show reasonable conformity to NIST guidelines through measures like regular risk assessments and addressing identified vulnerabilities. He estimated that an investment of less than $10,000 in a third-party audit and a five-year cybersecurity plan could bring most businesses into compliance. Despite these advantages, Pohlman observed that many companies remain hesitant to act, often due to fears surrounding cybersecurity threats. He encourages businesses to leverage HB80’s protections, highlighting the state’s supportive stance for those committed to improving their IT security controls.
View the entire article on the Utah Business Magazine website.
We’d love to help you take advantage of HB80. Reach out to John Pohlman at john@tannerco.com.