Texas Senate Committee advances cybersecurity protections for small businesses with SB 2610

The Senate Committee on Business and Commerce convened on April 22, 2025, to discuss critical issues affecting small and medium-sized businesses (SMBs) in Texas, particularly concerning cybersecurity threats. The meeting focused on Senate Bill 2610, which aims to provide cybersecurity safe harbor protections for these businesses, addressing their vulnerability to cyberattacks such as data breaches and ransomware.

The committee began with an overview of the bill, which was introduced to create a compliance framework that aligns with recognized industry standards. The bill's sponsor highlighted the need for these protections, noting that current laws do not incentivize preventative cybersecurity measures. The proposed legislation seeks to remove a previously identified drafting error that inadvertently created new liabilities for businesses, replacing it with explicit safe harbor protections from exemplary damages in data breach lawsuits.

Senator Nichols raised concerns about potential legal actions targeting small businesses, prompting discussions about the prevalence of lawsuits following data breaches. The committee heard testimony from Sarah Horn, Assistant State Director at the National Federation of Independent Business (NFIB) Texas, who expressed strong support for the bill. Horn emphasized that the legislation encourages voluntary adoption of cybersecurity best practices without imposing burdensome mandates, ultimately benefiting both consumers and businesses.

Eduardo Contreras, a small business owner and member of the Governor's Small Business Advisory Task Force, also testified in favor of the bill. He highlighted alarming statistics, noting that 61% of U.S. SMBs experienced a cyberattack last year, with many facing severe financial repercussions. Contreras pointed to successful cybersecurity laws in other states, such as Ohio and Utah, which have led to increased cybersecurity spending and reduced breach-related lawsuits.

The committee's discussions underscored the urgent need for legislative action to protect Texas SMBs from the growing threat of cybercrime. The bill aims to provide a structured approach to cybersecurity that is adaptable to the size and resources of individual businesses. As the meeting concluded, the committee members expressed their intent to consider the bill favorably, recognizing its potential to enhance the cybersecurity posture of Texas's vital small business sector.