Bill > A01239

This bill introduces the "Cyber Ransom Prevention Act," which amends New York's insurance law by requiring insurance policies that cover cyberattack losses for corporations or businesses to include a mandatory notification provision. Specifically, the policy must require the insured entity to notify a law enforcement agency within 72 hours of discovering a cyberattack before they can receive insurance payment for damages or losses resulting from that attack. The purpose of this requirement appears to be encouraging prompt reporting of cyber incidents to authorities, which could help law enforcement track and potentially prevent future cyberattacks. The bill will go into effect 180 days after becoming law, giving insurers and businesses time to adjust their policies and practices to comply with the new requirement. By mandating this notification step, the bill aims to improve cyber incident response and potentially help reduce the financial and operational impact of cyberattacks on businesses.

Business and Industry

https://www.nysenate.gov/legislation/bills/2025/A1239