The bill amends the Arkansas Self-Funded Cyber Response Program by updating definitions and clarifying the program's structure and coverage. Notably, it introduces a new definition for "cyber response contact," which refers to a designated individual or entity responsible for managing responses to cyberattacks on participating governmental entities. The bill also adds a provision stating that the program will serve as secondary coverage to any existing insurance that a governmental entity may have and will be used to reimburse losses as specified in the subchapter. Additionally, the bill repeals a section that previously held participating governmental entities liable for damages resulting from civil rights violations or tortious conduct by public officials or employees.

Further changes include the amendment of the Arkansas Cyber Response Board's responsibilities, such as establishing a definition of a cyberattack based on industry standards and setting minimum cybersecurity standards for participating entities. The maximum coverage amount for entities not meeting these standards is capped at $50,000. The bill also modifies the process for determining program coverage in the event of a cyberattack, ensuring that the cyber response contact can make timely decisions even if immediate consultation with the board is not feasible. Overall, these amendments aim to enhance the effectiveness and clarity of the Arkansas Self-Funded Cyber Response Program.

Statutes affected:
Old version HB1666 V2 - 4-8-2025 10:51 AM: 21-2-803, 04-08-2025, 21-2-804(a), 21-2-804(e), 21-2-805(a), 21-2-805(b)
Old version HB1666 Original - 3-4-2025 02:09 PM: 21-2-803, 21-2-804(a), 21-2-804(e), 21-2-805(a), 21-2-805(b)
HB 1666: 21-2-803, 21-2-804(a), 21-2-804(e), 21-2-805(a), 21-2-805(b)
Act 656: 21-2-803, 04-08-2025, 21-2-804(a), 21-2-804(e), 21-2-805(a), 21-2-805(b)