The bill amends the Arkansas Self-Funded Cyber Response Program by updating definitions and clarifying the program's structure and coverage. Notably, it removes the previous definition of a "cyber response panel," which included a group of entities activated to assist governmental entities after a cyberattack. Instead, the bill emphasizes the role of a "cyber response contact," who is designated by the Arkansas Cyber Response Board to be the initial point of contact for entities affected by cyberattacks. Additionally, the bill introduces new provisions stating that the program will serve as secondary coverage to any existing insurance a participating governmental entity may have and will be used to reimburse losses as specified in the subchapter.

Furthermore, the bill repeals a section that held participating governmental entities legally liable for damages resulting from civil rights violations or tortious conduct by public officials or employees. It also updates the Arkansas Cyber Response Board's responsibilities, including establishing a definition of a cyberattack based on industry standards and setting minimum cybersecurity standards for participating entities. The maximum coverage amount for entities not meeting these standards is capped at $50,000. Overall, the amendments aim to streamline the response to cyberattacks and clarify the roles and responsibilities of the involved parties.

Statutes affected:
Old version HB1666 Original - 3-4-2025 02:09 PM: 21-2-803, 21-2-804(a), 21-2-804(e), 21-2-805(a), 21-2-805(b)
HB 1666: 21-2-803, 21-2-804(a), 21-2-804(e), 21-2-805(a), 21-2-805(b)