Governor Kathy Hochul announced that new legislation aimed at strengthening cybersecurity across New York is now in effect, requiring faster reporting of cyber incidents and ransomware payments from public agencies statewide.
The law, S.7672A/A.6769A, mandates that all municipal corporations and public authorities report cybersecurity incidents within 72 hours and disclose any ransomware payments within 24 hours to the New York State Division of Homeland Security and Emergency Services. Within 30 days of making a payment, the entity must provide detailed justification, including the amount, reasoning, and legal review.
“Here in New York, we are keeping up with technology’s fast-paced evolution and are resilient in the face of cybersecurity threats,” Hochul said. “This legislation strengthens our response and provides our state’s Department of Homeland Security and Emergency Services the necessary information to handle reports of attacks and keep New Yorkers safe.”
The measure builds on Hochul’s 2025 State of the State initiative and the state’s ongoing cybersecurity strategy. In addition to reporting requirements, the law sets data protection standards for state systems and requires annual cybersecurity training for government employees.
New York’s Chief Cyber Officer Colin Ahern said the law enhances statewide coordination and “serves as a blueprint for the nation.” Local governments can now use a new web portal to submit cyberattack reports and request support.
“New York State is leading the way in cybersecurity threat and ransomware reporting,” said Homeland Security Commissioner Jackie Bray. “Our teams will be better armed to protect important infrastructure.”
The legislation received backing from state lawmakers who called it essential for protecting critical services. “The unique threats digital attackers pose to our municipalities requires a strong and direct response,” said Assemblymember Billy D. Jones.
FingerLakes1.com is the region’s leading all-digital news publication. The company was founded in 1998 and has been keeping residents informed for more than two decades. Have a lead? Send it to [email protected].