The governor of Connecticut, Ned Lamont, has signed into law legislation which protects businesses from punitive damages if personal or restricted information is improperly accessed.

The new measures, effective from 1 October, also cover that data being maintained, communicated or processed, provided a company has adopted and adhered to appropriate cyber security measures.

In addition, Lamont announced an $11m (€9.32m) investment to bolster cybersecurity to “improve the resilience of state services and protect our residents and businesses.”

He said the bill will improve security of consumers’ data, while hiring Connecticut’s first chief information security officer will enhance the state’s cyber security posture.

State official Josh Geballe added: “Everyday businesses and governments alike battle with hackers and criminals, and these types of investments will help us deploy additional cybersecurity processes and technology to strengthen our defences.”