Pro-MSP Group Urges States to Pass Cyber Immunity Bills

One of the leading MSP advocacy and standards groups has called for states to adopt more extensive cybersecurity measures to help keep their governments safer and protect businesses via cyber immunity.

The MSPAlliance, an industrial advocacy group working for MSPs, published a framework on Wednesday for "recommended State Cyber Immunity Legislation" that would encourage proactive cybersecurity measures by providing legal protection against civil liabilities to companies such as managed service providers that are actively showing an interest in "cyber hygiene." The hope is that cyber immunity legislation would help foster a safer digital environment and enhance public trust in the companies.

Cyber hygiene, as the organization defines it, refers to appropriate practices taken by companies to ensure the health and security of their IT systems. These include things like software updates, employee training, data encryption, multifactor authentication and incident response planning.

MSPAlliance's Cyber Immunity Framework

The legislative framework provides state governments with a number of provisions to include regarding best practices.

For example, cyber immunity eligibility requires companies to adhere to established cybersecurity frameworks such as NIST, ISO, 27001 or CIS controls with regular audits and certifications required to uphold those frameworks. The scope of that immunity would protect companies from being held liable for data breaches or security incidents, as long as they are able to demonstrate adherence to the defined cyber hygiene practices. The companies would be required to report those cyber incidents to the State Cybersecurity Commission and assist in any future investigations into the matter. The Commission, which each state would establish, would oversee the enforcement of the passed legislation and ensure all companies are compliant.

This legislation would benefit both the states and companies, MSPAlliance claims, due to it enhancing national security, improving coordination and standardization, assisting with economic stability and building public trust while also reducing a reliance on federal resources.

The MSPAlliance has become more vocal in supporting MSPs in recent weeks, claiming that the political landscape around MSPs and the demands for them has changed in light of the growing number of cyber threats, as well as changing regulations. The industry group has actively pushed for MSPs, businesses and governments to further their collaborations to enhance their cybersecurity offerings and stop malicious actors.