NIST Statistics on Common Vulnerability and Exposures (CVE) Year Number of CVEs 2019 17305 2020 18349 2021 20155 2022 25043 2023 28817 2024 39999 A few years ago, NIST began tracking the number of CVE which are exploited. In the past three months alone the number of exploited vulnerabilities has been 33, of which nine are critical.⁴ Which means, there are exploited zero-days which even the most efficient, competent and proactive information technology staff cannot control. Current Statutes Safe harbor statutes come in two variations. The first variation provides an affirmative defense for entities who adhere to specific cybersecurity frameworks or standards to qualify for liability protection. These frameworks may include the NIST Cybersecurity Framework, the Center for Internet Security (CIS) Controls, or the International Organization for Standardization (ISO) standards. The primary goal is to reduce the financial and reputational risks associated with data breaches while promoting higher standards of data protection. The current statutes in the first category include: • Connecticut: An Act incentivizing the adoption of cybersecurity standards for businesses (HB 6607). • Iowa: An Act relating to affirmative defenses for entities using cybersecurity programs (HB 553). • Florida (Proposed HB 473). Continued on page 20 18 NEBRASKA BANKER
RkJQdWJsaXNoZXIy MTg3NDExNQ==