As cyber threats grow more sophisticated and persistent, states like New York are increasing cybersecurity requirements, including for local governments.
In a recent Government Technology article, New York has enacted a new law that aims to strengthen cybersecurity requirements for local governments and public authorities. Under the law, agencies must report cyber incidents within 72 hours and ransomware payments within 24 hours to the State’s Division of Homeland Security and Emergency Services. It also mandates annual cybersecurity training for government employees and requires state-managed information systems to have data protection measures.
Local governments operate with limited resources, and if states choose to implement new cybersecurity mandates, they must also provide the funding and support necessary to meet those requirements effectively.
From the article:
That could potentially lead to more state help for local agencies faced with such demands — part of the increasing trend toward whole-of-state cybersecurity protection.
As global conflicts escalate and cyber threats evolve, so must our response, and we are taking a whole of government approach in doing so, said New York Governor Kathy Hochul.
These efforts reflect growing national concern over cyber threats targeting critical public services.
At the 2025 MACo Summer Conference Information Technology session, “The Cyberattack “Hot Wash” – Lessons Learned After Things Went Wrong” panelists will explore the growing cyber threat landscape facing local governments and learn about state and federal resources designed to support prevention, response, and recovery efforts.
The 2025 MACo Summer Conference will be held at the Roland Powell Convention Center in Ocean City, MD from August 13-16. This year’s theme is “Funding the Future: The Evolving Role of Local Government.” More information can be found on our conference website.
Learn more about MACo’s Summer Conference:
