# New CLTC Report Analyzes Cybersecurity Policy Across State Legislatures _Friday, June 26, 2026 at 9:55 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_ ![New CLTC Report Analyzes Cybersecurity Policy Across State Legislatures — Primary](https://cltc.berkeley.edu/wp-content/uploads/2026/02/Tracking-Cybersecurity-Policy-Developments-Across-State-Legislatures_Cover-1.png) A new report from researchers at the Center for Long Term Cybersecurity Public Interest Cybersecurity Program presents an empirical analysis of every cybersecurity related bill enacted in all 50 states during the 2025 legislative sessions. The research identifies nationwide patterns in the cyber policy issues states addressed, the regulatory approaches they adopted, and the entities and sectors they chose to regulate. The report titled Tracking Cybersecurity Policy Developments Across State Legislatures 2025 Enacted Legislation was written by Shannon Pierson, Senior Fellow of Public Interest Cybersecurity at CLTC, and Sree Varsha Bhanoor, a graduate student at UC Berkeley. In parallel with the analysis the researchers published a publicly accessible searchable database of every cybersecurity related bill enacted in 2025 across all 50 states. Researchers sourced the dataset from LegiScan and analyzed all bills enacted in 2025 with the keywords cybersecurity or cyber security. They manually reviewed each bill for inclusion and extracted each cybersecurity specific provision. Lawmakers across 37 states passed 99 cybersecurity related bills in 2025, establishing 393 new cybersecurity rules cumulatively. The researchers mapped each rule to one of the six functions of the National Institute of Standards and Technology Cybersecurity Framework 2.0 and categorized each by policy action type. Most legislation passed last year focused on improving cybersecurity for state government agencies, education entities including K 12 schools, cyber insurance policyholders, and high risk critical infrastructure sectors. State legislatures built out cybersecurity leadership and governance structures, expanded requirements for public and private organizations to implement baseline cybersecurity controls, increased obligations for organizations to report on cyber security programs and compliance, prioritized stronger cybersecurity incident preparedness and response, mandated representation of cybersecurity experts within state decision making, and passed cybersecurity safe harbor laws. The report includes five recommendations for state legislatures considering cybersecurity legislation in 2026. The authors suggest continuing work on a bipartisan basis, appropriating funding to accompany new mandates, being more prescriptive about required cybersecurity controls, exploring ways to support monitoring and detection of cyber incidents, and requiring follow up actions to reporting. ## Sources - [CLTC Berkeley](https://cltc.berkeley.edu/2026/02/19/new-cltc-report-analyzes-cybersecurity-policy-across-state-legislatures/) --- Canonical: https://techandbusiness.org/newswire/WMYow9Ig064KslncDOfTxO Retrieved: 2026-06-27T05:52:20.765Z Publisher: Tech & Business (techandbusiness.org)