Security Awareness Training Is Now Mandatory for Florida Government Employees

Security awareness is no longer optional for Florida government employees. Effective July 1, 2022, Governor Ron DeSantis approved House Bill 7055, requiring state agencies and local governments to offer employee security awareness training, report cybersecurity and ransomware incidents, and draft detailed reports of actions taken after cyber-attacks.  

The new bill specifically states that all local government employees who will have access to the state’s network must successfully complete basic cybersecurity awareness training. In addition to this action, there is now a deadline requiring these new employees to finish the assigned lessons within 30 days of their start date.   

The HB 7055 Mandates

HB 7055 is also calling for local governments to adopt cybersecurity standards that safeguard their data. These guidelines must be consistent with the accepted best practices for cybersecurity — and since human error continues to be the top threat, employee training must be offered and updated annually.  

This critical legislation establishes the importance of cybersecurity readiness, the requirements to maintain and improve reporting standards, and the need to facilitate the integration of these new mandates for local government agencies.  

Florida Spends Little on Training

The goal of increasing training is to lower the risk of growing cyber-attacks. But how much is being invested in education to prevent these prevalent attacks? According to the Cyber Florida report on local government’s cyber readiness, less than 5% of local government entities have cybersecurity as a line item in their budget. 

The mandates in this legislation will create a shift. Florida’s local governments are now under pressure to boost their cyber preparedness and set aside adequate funding for these educational efforts.  

How ERMProtect Can Help

Learn about ERMProtect's customizable Cybersecurity Awareness Training. Contact Silka Gonzalez at [email protected]   


Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

Cybersecurity Incident

How to Prepare Your Organization for a Cybersecurity Incident

Preparing for a cybersecurity incident substantially decreases damage and costs and helps get companies back to business as quickly as possible …
cloud computing

Regular Penetration Testing Reduces Risks in the Cloud

Cloud penetration testing is a simulated attack to assess the security of an organization’s cloud-based applications and infrastructure, and it is critical in today’s digital world …
Information Technology (IT) risk assessments

Choosing the Right Risk Assessment Protects Against Cyber Threats

IT risk assessments provide invaluable benefits to the security of your organization. This article outlines key factors to consider …