
Publication date: May 15, 2024

What Every Company in Florida Should Know to Minimize Cyber Security Risk and Cyber Breach Costs.


Written by Angela Polania

Angela Polania, CPA, CISM, CISA, CRISC, HITRUST, CMMC RP. Angela is the Managing Principal at Elevate and a board member and treasurer at the CIO Council of South Florida.

What Is Florida House Bill 473?

House Bill 473, also known as the Cybersecurity Incident Liability Act, is a significant shift in how cybersecurity incidents are handled legally in the state of Florida. The bill states that a county, municipality, other political subdivision of the state, covered entity, or third-party agent that complies with certain requirements is not liable in connection with a cybersecurity incident.

The Cybersecurity Incident Liability Act and the Florida Information Protection Act (FIPA) specify the guidelines that businesses and government entities must comply with, alongside federal laws including HIPAA, international standards like ISO 9001:2015 and ISO 27001, and industry standards and frameworks like SOC 1 and SOC 2. Enforcing these standards, together with the Cybersecurity Incident Liability Act and FIPA, contributes significantly to bolstering cybersecurity measures and helps foster a stronger cybersecurity stance.

What it Means for Businesses in Florida 

The bill provides new liability protections for businesses that suffer data breaches despite having implemented cybersecurity and data protection best practices. In other words, the bill encourages businesses to adopt robust cybersecurity methods by limiting liability when the business is found to be compliant with cybersecurity best practices.

How to Stay Compliant 

  1. Familiarize Yourself with House Bill 473: The Act provides that organizations are not liable in connection with a cybersecurity incident, but only if they substantially comply with the relevant requirements specified in the statute.
  2. Adoption of Recognized Cybersecurity Frameworks:
    • NIST Framework: Developed by the National Institute of Standards and Technology (NIST), the framework provides a set of industry standards and best practices to help organizations manage and evaluate cybersecurity risks.
    • FedRAMP: The Federal Risk and Authorization Management Program (FedRAMP) provides a standard approach to security assessment, authorization, and continuous monitoring for cybersecurity threats.
    • ISO 27001: An internationally recognized standard for Information Security Management Systems (ISMS). It provides guidance for establishing, implementing, maintaining, and continually improving an ISMS.
  3. Compliance with Notification Provisions: The company must comply with the Florida Information Protection Act (FIPA) in notifying relevant agencies in case of a cybersecurity breach. This means an organization must report the breach to the Florida Department of Legal Affairs no later than 30 days after its determination.
  4. Review and Revise Security Policies: Businesses should thoroughly review and revise existing security policies and procedures to align with the requirements of the House bill.
  5. Conduct Risk Assessments: It is best practice to regularly conduct risk assessments to identify vulnerabilities and implement additional security measures to counter new threats or patch existing vulnerabilities.
  6. Create an Incident Response Plan: Businesses should create an incident response plan and train their employees on it. This plan should outline the steps to be taken in the event of a cybersecurity incident.

These are just some of the key points in ensuring compliance with Florida House Bill 473. We recommend consulting with our experts so we can provide tailored steps to ensure your business stays compliant with the Act. 

How Elevate Can Help 

Florida House Bill 473 was designed to encourage businesses to adopt and maintain strong cybersecurity measures by providing guidance and steps for handling cybersecurity incidents. Elevate helps businesses prepare for cybersecurity audits to ensure compliance with internationally recognized cybersecurity best practices.

Our team of experienced auditors and technical experts is here to advise and implement tailored solutions to help ensure compliance on all cyber, privacy, and internal control audits. Contact us today to learn more about our tailored solutions.  
