Stacker Studio

The status of new cybersecurity laws proposed in Kentucky

Written by:
April 14, 2023

This story originally appeared on Drata and was produced and distributed in partnership with Stacker Studio.

The status of new cybersecurity laws proposed in Kentucky

As employers in the private and public sectors adjust to the advent of flexible work over the last two years, they're simultaneously trying to protect their organizations from attackers looking to steal and sell data.

2021 was a year defined by significant cyberattacks that crippled infrastructure and shut down hospitals, schools, and municipal governments. It's the same year the Colonial Pipeline, which supplies gasoline to millions living in the Northeast U.S., was hobbled by a ransomware attack that triggered a gas panic and elevated prices for consumers.

And lawmakers were paying attention—passing dozens of laws in 2022 aimed at training workers, securing government agencies, and funneling money into cybersecurity education programs.

Drata compiled a list of new cybersecurity-related legislation in Kentucky through February 2023 based on data collected by the National Conference of State Legislatures.

States that passed the most cybersecurity legislation in the past year:

#1. Maryland - 8 laws enacted

#2. Florida - 4

#3 (tie). Virginia - 3

#3 (tie). Kentucky - 3

Kentucky new cybersecurity laws in 2022
- Bills enacted: 2
- Bills failed: 0
- Bills vetoed: 0

KY HB 474
- Description: Relates to insurance data security, provides that each licensee shall develop, implement, and maintain a comprehensive written information security program based on the licensees risk assessment that contains administrative, technical, and physical safeguards for the protection of nonpublic information and the licensees information system.
- Read more about the bill here

KY SB 298
- Description: Requires investment advisers to establish written procedures relating to a business continuity and succession plan, requires investment advisers to establishes and implement written physical security and cybersecurity policies and procedures, establishes continuing education requirements for investment adviser representatives on a specified date.
- Read more about the bill here

Trending Now