The proposed bill aims to prohibit public entities in Arkansas from paying ransoms in the event of a cyberattack. It mandates that these entities develop a policy that explicitly forbids such payments. The bill outlines the definition of a "public entity" as any organization funded wholly or partially by taxpayer money, which includes various state departments, public school districts, and institutions of higher education. The legislation is based on findings that paying ransoms not only fails to guarantee data recovery but also encourages further attacks on the same entities.

The bill includes specific provisions that define key terms such as "cyberattack," "public funds," and "ransom." It establishes that the prohibition on ransom payments will take effect on January 1, 2025, for most public entities, while certain educational institutions will have until January 1, 2027, to comply. The legislative findings emphasize the detrimental effects of ransom payments, citing statistics that indicate a high likelihood of repeated attacks on entities that have previously paid ransoms.