Texas has passed a new law effective September 1, 2025, providing small and mid-sized businesses (SMBs) with fewer than 250 employees a safe harbor against exemplary (punitive) damages in the event of a data breach if they implement and maintain a recognized cybersecurity program, such as HITRUST certification.
What This Means for Your Business
If you have 100-249 employees and your business maintains a cybersecurity program that aligns with an industry-recognized framework, you can significantly reduce your legal risk if a breach occurs, even if sensitive data is compromised. The law encourages proactive investment in cybersecurity while providing legal protection and peace of mind.
What Qualifies as a Recognized Framework
The Texas safe harbor law recognizes frameworks such as the NIST Cybersecurity Framework and the HITRUST CSF. These frameworks help businesses implement administrative, technical, and physical safeguards to protect sensitive information.
Why HITRUST Certification Makes Sense
HITRUST certification aligns with the HITRUST CSF, a comprehensive framework that integrates and harmonizes standards such as NIST, HIPAA, and ISO into a single, prescriptive, and scalable approach to security and compliance.
HITRUST certification:
- Demonstrates that your organization aligns with a recognized cybersecurity framework
- Can qualify your business for Texas safe harbor protection under the new law
- Provides evidence of reasonable security practices to customers, insurers, and regulators
- Offers the only assurance proven to reduce risk, as 99.41% of certified environments remained breach-free in 2024
- Allows you to choose from different types based on your organization size, risk maturity, and business needs
Is HITRUST Certification Right for Your Business?
Regardless of your industry, adopting HITRUST helps you reduce legal risk, improve your cybersecurity, maintain compliance, and demonstrate your commitment to protecting your data and your business. HITRUST offers multiple certification types (e1, i1, r2), allowing you to start with foundational, validated security practices and scale your assurance program as your business grows.
Next Steps
If you would like to learn how HITRUST can help your organization align with the Texas safe harbor law and strengthen your cybersecurity program, please contact us. We can help you understand which certification type fits your current security posture and business needs.