New York Gov. Kathy Hochul on Friday signed into law S.7672A/A.6769A, which aims to enhance the cybersecurity of state and local government networks across the state.
The legislation requires all municipal corporations and public authorities to report cyber incidents and ransom payments to the New York State Division of Homeland Security and Emergency Services (DHSES).
Under the new law, municipalities and public authorities have 72 hours to report cybersecurity incidents to DHSES and 24 hours to report ransom payments.
It also mandates annual cybersecurity awareness training for government employees across New York. Additionally, the law sets data protection standards for state-maintained information systems.
“My top priority as Governor is the security and safety of all New Yorkers, and with this legislation we’re strengthening our ability to respond to and ultimately prevent cyber threats all across our state,” Gov. Hochul said in a June 27 press release.
“As global conflicts escalate and cyber threats evolve, so must our response, and we are taking a whole of government approach in doing so. Requiring timely incident reporting and providing annual cybersecurity training for government employees will build a stronger digital shield for every community across the State and ensure they get the support they need when it matters most,” the governor added.
Gov. Hochul first announced the legislation in her 2025 State of the State. She officially announced the new law on Friday after meeting with city, county, town, and village officials from across New York to discuss current cybersecurity efforts.
“The cyber threats that municipalities face have never been more numerous, more sophisticated, or more dangerous, and coordinated whole-of-government information sharing is more important than ever to tackle these threats,” said New York State Chief Cyber Officer Colin Ahern. “This legislation will enable New York State to build situational awareness of statewide cyber threat activity and create a comprehensive threat picture that can protect all New Yorkers.”
“Ensuring that state and local government employees complete annual cybersecurity awareness training adds another line of cyber defense and empowers government employees statewide to recognize and respond to cyber threats,” Ahern added.
