The status of new cybersecurity laws proposed in California

As employers in the private and public sectors adjust to the advent of flexible work over the last two years, they're simultaneously trying to protect their organizations from attackers looking to steal and sell data.

2021 was a year defined by significant cyberattacks that crippled infrastructure and shut down hospitals, schools, and municipal governments. It's the same year the Colonial Pipeline, which supplies gasoline to millions living in the Northeast U.S., was hobbled by a ransomware attack that triggered a gas panic and elevated prices for consumers.

And lawmakers were paying attention—passing dozens of laws in 2022 aimed at training workers, securing government agencies, and funneling money into cybersecurity education programs.

Drata compiled a list of new cybersecurity-related legislation in California through February 2023 based on data collected by the National Conference of State Legislatures.

States that passed the most cybersecurity legislation in the past year:

#1. Maryland - 8 laws enacted

#2. Florida - 4

#3 (tie). Virginia - 3

#3 (tie). Kentucky - 3

California new cybersecurity laws in 2022
- Bills enacted: 2
- Bills failed: 0
- Bills vetoed: 0

CA AB 183
- Description: Establishes the Cybersecurity Regional Alliances and Multistakeholder Partnerships Pilot Program to address the cybersecurity workforce gap.
- Read more about the bill here

CA SB 154
- Description: Makes appropriations for the support of the government of the State of California, including funding to establish and operate the Office of Elections Cybersecurity and for other cybersecurity programs.
- Read more about the bill here