88R8305 SCP-F
By: Bell of Montgomery H.B. No. 4996
A BILL TO BE ENTITLED
AN ACT
relating to a statewide cyber insurance program.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. DEFINITIONS. In this Act:
(1) "Department" means the Department of Information
Resources.
(2) "Office" means the State Office of Risk
Management.
(3) "Risk framework" means key security domains
identified by cyber insurance underwriters based on current
security controls.
(4) "Security controls" include:
(A) use of multiple security levels;
(B) managing user access;
(C) user authentication;
(D) network and server vulnerability;
(E) malware defense;
(F) operational technology;
(G) remote work;
(H) third-party vendor management;
(I) e-mail filtering;
(J) response planning;
(K) data encryption and backup;
(L) use of wireless devices and connections;
(M) monitoring users or devices;
(N) continuity of service;
(O) incident response;
(P) appropriate insurance coverage; and
(Q) governance.
SECTION 2. STUDY. Not later than October 1, 2023, the
department shall contract with a cyber risk model vendor to conduct
a study on the development of a statewide risk framework in order to
determine the need for and feasibility of implementing a statewide
cyber insurance program. The department shall enter into a
memorandum of understanding with the office to support this
assessment.
SECTION 3. INSURANCE PROGRAM. Based on the results of the
study required by Section 2 of this Act, the office may develop and
maintain a statewide cyber insurance program meeting the
specifications identified in the study.
SECTION 4. REPORT. Not later than April 1, 2024, the
department, in conjunction with the office, shall prepare and
submit to the governor and the legislature a report containing the
results of the study and any recommendations for legislative or
other action to address the need for and feasibility of requiring
cyber insurance.
SECTION 5. EXPIRATION. This Act expires September 1, 2025.
SECTION 6. EFFECTIVE DATE. This Act takes effect
immediately if it receives a vote of two-thirds of all the members
elected to each house, as provided by Section 39, Article III, Texas
Constitution. If this Act does not receive the vote necessary for
immediate effect, this Act takes effect September 1, 2023.