News Summary
New York has enacted new cybersecurity legislation to strengthen the protection of municipal corporations and public authorities. The law mandates reporting of cybersecurity incidents within 72 hours and requires organizations to disclose ransomware payments within 24 hours. Enhanced guidelines for incident reporting and annual cybersecurity training for government employees have also been introduced. This move aims to improve response times to cyber threats and bolster defense mechanisms, particularly for essential services and utilities. The legislation emerges amid increasing cyberattack risks in both public and private sectors.
New York has introduced significant new cybersecurity legislation aimed at enhancing the protection of municipal corporations and public authorities. Signed into law by Governor Hochul on June 27, 2025, the measure, titled S.7672A/A.6769A, mandates that cybersecurity incidents must be reported within 72 hours. Furthermore, organizations facing ransomware attacks are now required to disclose payments they make within a strict 24-hour window to the New York State Division of Homeland Security and Emergency Services (DHSES).
The legislation highlights the urgency for organizations to respond to cybersecurity threats by improving incident reporting procedures. Under the new guidelines, victims of ransomware are expected to provide detailed reports that include the payment amount, justification for the transaction, and evidence of legal diligence, all within a 30-day period. This immediate reporting is designed to give the state better tools to combat emerging cyber threats and safeguard essential infrastructure.
The newly enacted rules also stipulate that annual cybersecurity awareness training must be conducted for government employees. This training is part of a proactive measure to create a more security-conscious workforce that can help prevent future cyber incidents. Additionally, new standards for data protection for state-maintained information systems have been integrated into the law, further enhancing the state’s security posture.
Jackie Bray, the Commissioner of DHSES, emphasized that this legislation will empower teams to better shield vital infrastructure from cyber threats. The law also extends its reporting requirements to water and wastewater organizations, which underlines the commitment to protecting critical utilities from potential cyber disruptions.
The passing of this legislation comes in the wake of a rise in cyberattacks targeting major retailers and large organizations, which have underscored the vulnerabilities present in both private and public sectors. The law aims to improve response times and coordination when a cyber incident occurs, ultimately reducing the risk of extensive damage.
State Senator Monica R. Martinez acknowledged the importance of the legislation in safeguarding essential services and enhancing the state’s overall cybersecurity framework. Support for the bill was echoed by State Senator Kristen Gonzalez and Assemblymember Billy D. Jones, who both voiced the necessity of such measures in an increasingly digital world where the risk of cyberattacks is escalating.
Organizations must familiarize themselves with the specific provisions of the law to ensure compliance. Reports of cybersecurity incidents can be submitted directly on DHSES’s official website, marking a streamlined process for documentation and accountability.
This legislation represents a proactive step in New York’s approach to cybersecurity, recognizing the need for timely communication and swift action in mitigating threats. With the newly instituted reporting requirements, the state aims to foster an environment where information sharing regarding cyber incidents can lead to improved strategies and defenses against potential attacks.
Overall, the new cybersecurity legislation serves as a foundational piece of New York’s broader strategy to enhance the resilience of its infrastructure and organizations in the face of evolving cyber threats.
Deeper Dive: News & Info About This Topic
- CBS6 Albany
- Wikipedia: Cybersecurity
- Local Syracuse
- Google Search: New York cybersecurity law
- TechCrunch
- Encyclopedia Britannica: Cyber Crime
- GovTech
- Google News: New York cybersecurity legislation
