The Texas Cybersecurity Law That Could Save — or Cost — Your Business Millions
Senate Bill 2610 created a legal safe harbor for Texas businesses with fewer than 250 employees — protection from punitive damages in breach lawsuits, if you've implemented a qualifying cybersecurity program.
The law has been in effect since September 2025. Most businesses still haven't acted.
Join GXA for a focused virtual session breaking down what SB 2610 requires, which compliance tier applies to your business, how it affects your cyber insurance, and what a realistic path to qualifying looks like — even without a dedicated security team.
60
Minutes
Apr 1
Tuesday, 2026
1:00
PM CT · Virtual
The Opportunity
Texas Is Rewarding Businesses That Invest in Cybersecurity
SB 2610 is a "carrot, not a stick" law. There's no mandate, no enforcement agency, and no penalty for opting out. Instead, the state is offering something valuable: if your business implements a cybersecurity program that meets recognized industry standards, you're shielded from punitive damages if a breach occurs.
Texas is the fifth state to pass this kind of legislation, following Ohio (2018) and Utah (2021). In those states, safe harbor laws drove a measurable increase in cybersecurity investment among small and mid-sized businesses. The trend is clear — framework-based cybersecurity is becoming the legal standard of care. Businesses that align now are ahead.
But the protection only works if your program is in place before a breach. Courts will scrutinize dated documentation, training records, risk assessments, and audit logs. Post-breach scrambling doesn't count.
This webinar gives you the roadmap to qualify.
What You'll Learn
60 Minutes. Your SB 2610 Compliance Roadmap.
This webinar goes deeper on SB 2610 mechanics than our in-person event. If you want to understand exactly what qualifying looks like for your business, this is the session.
We'll cover:
The Three Requirements for Safe Harbor
Your business must have fewer than 250 employees, own or license data containing sensitive personal information, and have implemented a qualifying cybersecurity program before a breach occurs. Simple criteria, but the details of "qualifying" matter. We'll break them down.
Framework Selection by Company Size
Under 20 employees: simplified requirements (password policies, employee training). 20–99 employees: CIS Controls Implementation Group 1 — a manageable, well-defined set of security controls. 100–249 employees: full compliance with NIST CSF, ISO 27001, HITRUST, SOC 2, or equivalent. Already subject to HIPAA, GLBA, or PCI DSS? Full compliance with those standards counts too. We'll walk through what each tier actually requires.
Cyber Insurance and SB 2610
How safe harbor status can affect your premiums, claims outcomes, and coverage terms. What your policy covers vs. what it doesn't. And why insurers are increasingly looking at framework compliance when underwriting risk. This is the practical intersection most businesses miss.
The Gaps We See Most Often
The most common mistakes businesses make when they think they're compliant but aren't. Missing documentation, outdated training records, incomplete vendor management, and programs that look good on paper but can't survive court scrutiny.
A Practical 90-Day Action Plan
Where to start, what to prioritize, and how to get from where you are now to qualifying protection. Tailored by company size tier.
Meet the Speakers
Your Presenters
George Makaye
President & CEO, GXA
CISSP certified. Two decades of cybersecurity leadership for Texas businesses.
Calvin Fuller
CISO, GXA
Security operations and incident response.
Cyber Insurance Specialist
Speaker TBD
Cyber insurance specialist covering SB 2610 implications for coverage, premiums, and claims.
The Law Has Been Active Since September 2025
Every breach that occurs before your qualifying program is documented and in place is a breach without safe harbor protection. The businesses that acted in 2025 are already covered. The question is whether yours will be next — or whether you'll find out you needed it after the fact.
60 minutes. No fluff. A clear plan you can execute immediately.
Prefer in-person? Join us for an executive lunch in Richardson on March 26th — only 20 seats. See the in-person event →
Already taken our quick check? SB 2610 Quick Check · Full Compliance Scorecard
Turn Cybersecurity Into a Legal Advantage
SB 2610 is already law. Qualifying for safe harbor protection is one of the highest-ROI decisions a Texas business can make this year.
Questions? Call us at (972) 630-3323