BILL ANALYSIS

 

 

Senate Research Center

H.B. 3390

87R3774 CXP-F

By: Thompson, Ed (Blanco)

 

Transportation

 

5/3/2021

 

Engrossed

 

 

 

AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

 

In 2020, the Texas Department of Transportation (TxDOT) determined there was unauthorized access to the agency's network in a ransomware attack. Fortunately, TxDOT was able to quickly identify, quarantine, and address the attack to minimize disruptions to its operations across Texas.

 

As TxDOT continues to upgrade and refine its IT systems, the existing insurance policy covering these systems is inadequate and TxDOT should be able to obtain a separate insurance policy for cybersecurity.

 

H.B. 3390 authorizes TxDOT to purchase insurance coverage to protect against liability, revenue and property losses that may result from a data breach or cyber attack.

 

H.B. 3390 amends current law relating to the purchase of cybersecurity insurance coverage by the Texas Department of Transportation.

 

RULEMAKING AUTHORITY

 

This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

 

SECTION BY SECTION ANALYSIS

 

SECTION 1. Amends Subchapter I, Chapter 201, Transportation Code, by adding Section 201.712, as follows:

 

Sec. 201.712. PURCHASE OF CYBERSECURITY INSURANCE. (a) Defines "cyber attack."

 

(b) Authorizes the Texas Department of Transportation (TxDOT) to purchase insurance coverage that TxDOT considers necessary to protect against liability, revenue, and property losses that may result from a data breach or cyber attack.

 

(c) Authorizes insurance purchased under this section to include coverage for business and dependent business interruption loss, breach response, data recovery, cyber extortion or ransomware response, fiduciary liability, media liability, professional liability, or expenses for general incident management, such as investigation, remediation, and notification.

 

SECTION 2. Effective date: upon passage or September 1, 2021.