The Texas Cybersecurity Law That Could Save — or Cost — Your Business Millions
Texas Senate Bill 2610 gives businesses with fewer than 250 employees a legal shield against punitive damages in breach lawsuits. But only if you've taken the right steps before a breach happens.
Most Texas business leaders don't know this law exists. The ones who do are already protected.
Join GXA and a panel of cybersecurity and legal experts for an executive lunch where we'll break down SB 2610, the 2026 threat landscape, and exactly what your business needs to do to qualify for safe harbor protection.
20
Seats Only
Mar 26
Thursday, 2026
12:00
AM – 1:00 PM CT
The Opportunity
A New Legal Shield — If You Qualify
Before SB 2610, a data breach meant your business was exposed to both compensatory and punitive damages in court. Punitive damages alone can multiply actual losses many times over — enough to threaten the survival of a mid-sized company.
SB 2610 changed that. Effective September 1, 2025, Texas businesses that implement and maintain a qualifying cybersecurity program are shielded from exemplary (punitive) damages in breach lawsuits. It's an incentive-based law — no new mandates, no government enforcement, no penalties for opting out. But the businesses that take action get a concrete legal advantage the moment they're compliant.
Here's what makes this urgent: your program has to be in place before a breach occurs. You can't qualify retroactively. Post-breach implementations offer zero protection. And the requirements are tiered based on your company size — what qualifies a 15-person firm is different from what's required of a 200-person company.
This event is about understanding the opportunity and acting on it before you need it.
What You'll Learn
60 Minutes. A Complete Picture.
This isn't a generic cybersecurity seminar. It's a focused executive session with the people who build these programs every day and a cyber attorney who can explain exactly what SB 2610 means for your legal position.
You'll walk away understanding:
The Law Itself
What SB 2610 actually says, who qualifies, and how the safe harbor works in practice. Texas is the fifth state to pass this kind of law, following Ohio and Utah. We'll explain what courts will look for if you ever need to invoke it.
Your Compliance Tier
The requirements scale by employee count. Under 20 employees: simplified measures like password policies and cybersecurity training. 20–99 employees: CIS Controls Implementation Group 1. 100–249 employees: full alignment with recognized frameworks like NIST CSF, ISO 27001, or SOC 2. We'll explain what each tier actually looks like in practice — not just the framework names, but the real work involved.
The 2026 Threat Landscape
AI-powered attacks are changing the game. Employees are using ChatGPT and Claude without guardrails, creating data exposure risks most businesses haven't accounted for. Email compromise and wire fraud continue to hit businesses your size hardest. Understanding the threats makes the case for safe harbor protection concrete.
The Financial Math
What punitive damages look like in breach litigation, how safe harbor changes your exposure, and how qualifying can reduce your cyber insurance premiums. This is the part that makes the 60-minute investment worth it.
What to Do Next
Concrete steps to begin qualifying for safe harbor protection, tailored to your company's size and current security posture.
Format & Speakers
How This Works
A short, focused presentation from GXA's cybersecurity leadership and a practicing cyber attorney, followed by an open panel discussion. Bring your questions — this event is designed for conversation, not lectures.
Your panel includes:
George Makaye
President & CEO, GXA
CISSP certified. 21 years leading cybersecurity strategy for Texas businesses.
Calvin Fuller
CISO, GXA
Security operations and hands-on threat response.
Cyber Attorney
Speaker TBD
Cybersecurity law, breach liability, and SB 2610 safe harbor provisions.
Dr. Alicia Makaye, Ph.D.
Co-Founder & Chief Outreach Officer, GXA (Moderator)
Moderator. Air Force veteran, Goldman Sachs 10KSB alumna.
Lunch is provided. Parking is free. You'll see a screen with key talking points — not a 60-slide deck.
20 Seats. That's It.
This is an executive working lunch at our Richardson headquarters — not a conference ballroom with 200 people. We're keeping it to 20 attendees so every person in the room gets their questions answered by the panel.
When they're gone, they're gone.
Can't make it March 26? We're hosting a virtual deep-dive on SB 2610 on April 1st. Register for the webinar instead →
Your Partner
Why GXA
GXA has spent 21 years as a cybersecurity and IT strategy partner to Texas businesses — from 20-person firms to 500-employee organizations. We're SOC 2 Type II attested and ISO 9001 certified, and our gShield™ managed security framework is purpose-built for the threats hitting mid-market companies.
We don't just talk about the frameworks SB 2610 recognizes — we implement them. NIST CSF, CIS Controls, ISO 27001, HIPAA, PCI DSS. Our vCISO services and 24/7 SOC monitoring are designed to build and maintain the exact kind of cybersecurity program that qualifies for safe harbor protection.
SOC 2
Type II Attested
ISO 9001
Certified Since 2019
21
Years in Business
CISSP
Certified Leadership
Get Protected Before You Get Tested
SB 2610 is already in effect. Every day your business operates without a qualifying cybersecurity program is a day you're leaving legal protection on the table.
Questions? Call us at (972) 630-3323