Senate Bill 2610 (SB 2610) is a new Texas law, effective September 1st, 2025, for businesses with fewer than 250 employees
HOUSTON, TX, UNITED STATES, August 15, 2025 /EINPresswire.com/ -- The introduction of SB2610 is a call to action for small business owners to invest in cybersecurity. While a small business may not have the large budgets and resources available to bigger companies, the tiered requirements (guided by the number of employees in the company) set a framework to qualify for “safe harbor” in the event of a subsequent data breach. This law does not provide complete immunity from all liability.
Cybersecurity breaches are widespread, and SB2610 seeks to protect small businesses that have done their due diligence and adopted cybersecurity measures to safeguard data in their systems. Once adopted, the program must then be maintained and adapted over time as the cybersecurity landscape constantly evolves.
There is no guarantee that a cybersecurity breach will be prevented from ever occurring; however, if there is a breach and the company can demonstrate that it had a compliant cybersecurity program in place at the time of the breach, this new law can protect that small business from having to pay punitive damages.
The law comes into effect on September 1st, 2025, and it takes time to assess the current cybersecurity measures in place, identify gaps, and then close any gaps to be compliant.
AVATAR Managed Services offers a comprehensive range of Managed Cybersecurity Solutions and Services to take the guesswork out of implementing a set of processes and tools to protect valuable information. They can also help document the levels of cybersecurity implemented so that compliance is not only achieved and maintained, but can also be demonstrated with logs and relevant documentation. Being able to state that cybersecurity is taken seriously and meets specific requirements is a positive marketing factor, potentially setting a company apart from competitors.
Details related to SB2610, broken down by the number of employees:
Required Cybersecurity Measures for a business with < 20 Employees
-Simplified Requirements — Implement basic password policies and provide appropriate employee cybersecurity training.
Required Cybersecurity Measures for a business with 20 – 99 Employees
-Moderate Requirements — Comply with the Center for Internet Security (CIS) Controls Implementation Group 1 (IG1), covering foundational safeguards.
Required Cybersecurity Measures for a business with 100 – 249 Employees
-Comprehensive Requirements — Align with an industry-recognized cybersecurity framework, such as: NIST Cybersecurity Framework, NIST SP 800-171, 800-53, 800-53a, CIS Critical Security Controls, FedRAMP Security Assessment Framework, ISO/IEC 27000-series, HITRUST CSF, Secure Controls Framework, SOC 2, HIPAA, GLBA, FISMA, HITECH (if applicable), and PCI DSS (if applicable).
Managed Cybersecurity Services are offered by Houston Managed Service Providers such as AVATAR Managed Services.