Ohio Enacts Law Aimed at Incentivizing Compliance with Well-known Cybersecurity Industry Standards

    View Author September 2018

    A growing trend among businesses to reduce their exposure to cyberattacks has resulted in substantial improvements in cybersecurity, but has done little to halt the onslaught of post-breach litigation that calls into question the adequacy of the victim-business’ controls. Even organizations with the most robust and mature cybersecurity programs have little hope of avoiding exposure to tort-based litigation following a data breach. New legislation in Ohio, set to go into effect in November, may help ward off litigation against companies that maintain cybersecurity programs in compliance with industry standards.