A state law effective July 28 requires municipalities and public authorities to report cybersecurity incidents within 72 hours and ransomware payments within 24 hours to the New York State Division of Homeland Security and Emergency Services (DHSES). New York City is exempt from the reporting mandate. The law compels local governments to establish protocols and reporting mechanisms and to provide annual cybersecurity training for government employees. Collecting incident and payment information aims to improve statewide ability to address cyber threats, safeguard critical infrastructure, and combat ransomware. The measure responds to rising targeting of local governments and past major municipal ransomware attacks.
A state law requiring municipalities and public authorities to report cybersecurity incidents within 72 hours and ransomware payments within 24 hours compels New York governments to ensure they have protocols in place to collect and report the required information. The law, which took effect July 28, requires municipalities and districts to report both cybersecurity incidents and ransomware payments to the New York State Division of Homeland Security and Emergency Services (DHSES). New York City is exempted from this regulation.
My top priority as governor is the security and safety of all New Yorkers, and with this legislation we're strengthening our ability to respond to and ultimately prevent cyber threats all across our state, she said. As global conflicts escalate and cyber threats evolve, so must our response, and we are taking a whole of government approach in doing so. Requiring timely incident reporting and providing annual cybersecurity training for government employees will build a stronger digital shield for every community across the state and ensure they get the support they need when it matters most.
Collection
[
|
...
]