IL HB5547

Amends the Illinois State Auditing Act to add Section 3-2.4 requiring the Auditor General to review state agencies' cybersecurity programs and practices as part of annual compliance examinations, with focus on agencies holding large volumes of personal information

Requires minimum assessment of cybersecurity effectiveness, system risks and vulnerabilities, information types most susceptible to attack, and ways to improve security and eliminate vulnerabilities

Mandates inclusion of cybersecurity testing findings in each state agency's compliance examination report, issued according to existing Section 3-14 procedures

Requires copies of cybersecurity audit reports be delivered to the head of the applicable state agency and posted on the Auditor General's website