Bill > S07672

This bill establishes comprehensive cybersecurity reporting and protection requirements for municipal corporations, public authorities, and state agencies. It mandates that municipal corporations and public authorities report any cybersecurity incidents and ransom payment demands to the Division of Homeland Security and Emergency Services within 72 hours of discovering the incident, with detailed reporting requirements including whether they seek technical assistance. The bill defines key terms like "cybersecurity incident," "ransomware attack," and "cyber threat," and provides specific guidelines for reporting such events. It also requires state and local government employees who use technology in their jobs to complete annual cybersecurity awareness training beginning in January 2026, with the training to be conducted during regular working hours and compensated at the employee's standard pay rate. Additionally, the bill requires state agencies to develop robust data protection standards, create inventories of their information systems, and establish incident response plans, with provisions to keep these sensitive documents confidential. The legislation aims to enhance cybersecurity preparedness, response, and protection across New York's government entities, while providing a framework for managing and mitigating potential cyber threats.

Government Affairs

https://www.nysenate.gov/legislation/bills/2025/S7672