Bill Text: TX HB4996 | 2023-2024 | 88th Legislature | Introduced
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Relating to a statewide cyber insurance program.
Spectrum: Slight Partisan Bill (Republican 2-1)
Status: (Introduced - Dead) 2023-05-11 - Placed on General State Calendar [HB4996 Detail]
Download: Texas-2023-HB4996-Introduced.html
Bill Title: Relating to a statewide cyber insurance program.
Spectrum: Slight Partisan Bill (Republican 2-1)
Status: (Introduced - Dead) 2023-05-11 - Placed on General State Calendar [HB4996 Detail]
Download: Texas-2023-HB4996-Introduced.html
| 88R8305 SCP-F | ||
| By: Bell of Montgomery | H.B. No. 4996 | |
|
|
||
|
|
||
| relating to a statewide cyber insurance program. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. DEFINITIONS. In this Act: | ||
| (1) "Department" means the Department of Information | ||
| Resources. | ||
| (2) "Office" means the State Office of Risk | ||
| Management. | ||
| (3) "Risk framework" means key security domains | ||
| identified by cyber insurance underwriters based on current | ||
| security controls. | ||
| (4) "Security controls" include: | ||
| (A) use of multiple security levels; | ||
| (B) managing user access; | ||
| (C) user authentication; | ||
| (D) network and server vulnerability; | ||
| (E) malware defense; | ||
| (F) operational technology; | ||
| (G) remote work; | ||
| (H) third-party vendor management; | ||
| (I) e-mail filtering; | ||
| (J) response planning; | ||
| (K) data encryption and backup; | ||
| (L) use of wireless devices and connections; | ||
| (M) monitoring users or devices; | ||
| (N) continuity of service; | ||
| (O) incident response; | ||
| (P) appropriate insurance coverage; and | ||
| (Q) governance. | ||
| SECTION 2. STUDY. Not later than October 1, 2023, the | ||
| department shall contract with a cyber risk model vendor to conduct | ||
| a study on the development of a statewide risk framework in order to | ||
| determine the need for and feasibility of implementing a statewide | ||
| cyber insurance program. The department shall enter into a | ||
| memorandum of understanding with the office to support this | ||
| assessment. | ||
| SECTION 3. INSURANCE PROGRAM. Based on the results of the | ||
| study required by Section 2 of this Act, the office may develop and | ||
| maintain a statewide cyber insurance program meeting the | ||
| specifications identified in the study. | ||
| SECTION 4. REPORT. Not later than April 1, 2024, the | ||
| department, in conjunction with the office, shall prepare and | ||
| submit to the governor and the legislature a report containing the | ||
| results of the study and any recommendations for legislative or | ||
| other action to address the need for and feasibility of requiring | ||
| cyber insurance. | ||
| SECTION 5. EXPIRATION. This Act expires September 1, 2025. | ||
| SECTION 6. EFFECTIVE DATE. This Act takes effect | ||
| immediately if it receives a vote of two-thirds of all the members | ||
| elected to each house, as provided by Section 39, Article III, Texas | ||
| Constitution. If this Act does not receive the vote necessary for | ||
| immediate effect, this Act takes effect September 1, 2023. | ||
