New York State has enacted a new cybersecurity law that imposes strict reporting requirements on local governments and public authorities. Under this law, cybersecurity incidents must be reported within 72 hours, and ransomware payments must be reported within 24 hours to the Division of Homeland Security and Emergency Services (DHSES). The legislation also mandates annual cybersecurity training for government employees and the implementation of data protection systems across state-run information systems.

Governor Kathy Hochul emphasized that, amid escalating global conflicts and evolving cyber threats, a "whole-of-government" approach is essential to safeguarding New Yorkers. This includes initiatives like the Joint Security Operations Center, designed for real-time cybersecurity coordination and intelligence sharing.

These requirements highlight the critical need for proactive threat detection and rich forensic capabilities. To meet tight reporting timelines and accurately assess the scope of an incident, organizations must have continuous monitoring, deep visibility into network activity, and detailed forensic data at their fingertips.

Without these capabilities, municipalities risk delayed response, incomplete reporting, and non-compliance - leaving essential services and public data vulnerable. Rich forensics not only supports compliance but also strengthens incident response, aids in root cause analysis, and enhances preparedness for future threats.

In a climate where state and local governments are on the front lines of cyberattacks, proactive detection and comprehensive forensics are no longer optional, they are foundational to both regulatory compliance and resilient cybersecurity operations. Read more about this story on our LinkedIn page