HB 1172
AN ACT relating to requiring the Department of Information Resources to
89th Regular Session
Jan 14, 2025 - Jun 2, 2025 • Session ended
Awaiting Committee Assignment
Bill filed, pending referral to House committee
Committee
Not yet assigned
Fiscal Note
Not available
What This Bill Does
Requires the Texas Department of Information Resources to conduct a comprehensive study on small businesses' cybersecurity challenges, focusing on how these businesses can protect against cyber risks, improve supply chain security, and potentially establish a grant program to help them upgrade their cybersecurity infrastructure. The study will examine current best practices, barriers to cybersecurity investment, potential tax incentives, and the impact of cybersecurity incidents on small businesses, with a report due by December 31, 2026, that includes recommendations for protecting information systems against cyber threats.
Subject Areas
Bill Text
relating to requiring the Department of Information Resources to conduct a study concerning the cybersecurity of small businesses. BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: SECTION 1. DEFINITIONS. In this Act: (1) "Department" means the Department of Information (2) "Tax incentive" means any exemption, deduction, credit, exclusion, waiver, rebate, discount, deferral, or other abatement or reduction of state tax liability of a business entity. SECTION 2. STUDY CONCERNING CYBERSECURITY OF SMALL BUSINESSES. (a) The department, in collaboration with the Texas Workforce Commission, shall conduct a study to determine: (1) how small businesses can improve their ability to protect against cybersecurity risks and threats to the businesses' supply chain and to mitigate and recover from cybersecurity (2) the feasibility of establishing a grant program for small businesses to receive funds to upgrade their cybersecurity infrastructure and to participate in cybersecurity (b) The department may, if necessary and as appropriate, partner with a nonprofit entity or institution of higher education, as defined by Section 61.003, Education Code, to conduct the study. (c) The study may be limited to the geographic region or regions served by a nonprofit entity or institution of higher education with which the department partners under Subsection (b) (d) In conducting the study, the department may consider: (1) the current best practices used by small businesses for cybersecurity controls for their information systems to protect against supply chain vulnerabilities, which may include best practices related to: (A) software integrity and authenticity; and (B) vendor risk management and procurement controls, including notification by vendors of any cybersecurity incidents related to the vendor's products and services; (2) barriers or challenges for small businesses in purchasing or acquiring cybersecurity products or services; (3) the estimated cost of any available tax incentives or other state incentives to increase the ability of small businesses to acquire products and services that promote (4) the availability of resources small businesses need to respond to and recover from a cybersecurity event; (5) the impact of cybersecurity incidents that have affected small businesses, including the resulting costs to small (6) to the extent possible, any emerging cybersecurity risks and threats to small businesses resulting from the deployment (7) any other issue the department and the Texas Workforce Commission determine would have a future impact on cybersecurity for small businesses with supply chain (e) In determining the feasibility of establishing a grant program described by Subsection (a)(2) of this section, the study (1) identify the most significant and widespread cybersecurity incidents impacting small businesses, vendors, and others in the supply chain network of small businesses; (2) consider the amount small businesses currently spend on cybersecurity products and services and the availability and market price of those services; and (3) identify the type and frequency of training necessary to protect small businesses from supply chain cybersecurity risks and threats. SECTION 3. REPORT. (a) Not later than December 31, 2026, the department shall submit to the standing committees of the senate and house of representatives with jurisdiction over small businesses and cybersecurity a report that contains: (1) the results of the study conducted under Section 2 of this Act, including the feasibility of establishing a grant program described by Subsection (a)(2) of that section; and (2) recommendations for best practices and controls for small businesses to implement in order to update and protect their information systems against cybersecurity risks and threats. (b) The department shall make the report available on the SECTION 4. EXPIRATION OF ACT. This Act expires September 1, SECTION 5. EFFECTIVE DATE. This Act takes effect immediately if it receives a vote of two-thirds of all the members elected to each house, as provided by Section 39, Article III, Texas Constitution. If this Act does not receive the vote necessary for immediate effect, this Act takes effect September 1, 2025.
Bill Sponsors
Legislators who authored or co-sponsored this bill.
Bill History
Bill filed: AN ACT relating to requiring the Department of Information Resources to
Related Guides
Learn more about tracking Texas legislation and working with lobbyists.
How to Read & Track Texas Bills
Master bill numbering, understand legislative language, and learn effective tracking strategies.
Understanding Texas Legislative Deadlines
Navigate the 140-day session with critical calendar dates and filing deadlines.
How Laws Get Made in Texas
Follow a bill's journey from filing to the governor's desk through committees and floor votes.
When Should Your Business Hire a Lobbyist?
Discover the signs that your business needs professional advocacy at the Texas Capitol.