Cybersecurity and Infrastructure Security Agency (CISA) included security ratings or scorings as part of its cyber risk reduction initiative. At least 25 U.S. states have data protection laws, with Virginia being the most recent to enact legislation. Businesses must have end-to-end security in place as cybercriminals are constantly developing new ways to attack networks, take advantage of employee trust and steal data. Non-compliance with either of these regulations may pose a serious threat to business continuity depending on the size of the company and violation.
Source: https://www.helpnetsecurity.com/2021/03/24/partner-cyber-resilience/