CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Study: States failing at cybersecurity

Most states haven't adopted or implemented the online security standards required by Congress, according to a research firm. Can insurance companies take up the slack?

Most U.S. states aren't doing a good job of tracking how companies deal with cybersecurity, according to a new study.

The report, released this week by Zeichner Risk Analytics, showed that 36 states have failed to adopt or implement the cybersecurity standards required by Congress. The study examined laws in 50 states and the District of Columbia, comparing them with federal mandates.

"The states have generally not fulfilled their end of the bargain with the federal government to adopt cybersecurity laws governing financial institutions," the study said.

In particular, the report said that nearly half of all states are not discussing plans that would require insurance companies to secure their data. Lee Zeichner, president of Zeichner Risk Analytics, said states have focused their attention on security issues other than those related to databases in the wake of the terrorist attacks. "Post 9-11, a number of states had other priorities, so it fell off their radar screens," he said.

Zeichner said one of the most surprising findings was that even states with a large presence of insurance companies hadn't adopted laws to deal with the issue.

But the study's results don't mean that consumer data held by insurance companies isn't secure. Zeichner said insurance companies seem to be securing data on their own, even if states aren't creating or enforcing requirements that they do it. "I do believe that most companies, because of market pressures, are making sure customer information stays safe," he said.

Data leaks can be public relations nightmares for a company, especially when that company is trusted with confidential information such as credit card numbers.

The study comes as the federal government is stepping up its cybersecurity initiatives. Earlier this month, Congress established its first panel devoted to cybersecurity, a subcommittee of the House Homeland Security Committee.