New Cybersecurity Law Now in Effect in New York State

Imagine a world where ransomware attacks happen—and governments know immediately. In New York, that world is now a reality. Governor Hochul’s bold and sweeping “new cybersecurity law” has officially taken effect, ushering in a new era of relentless preparedness and digital defenses.
What’s Changing: The Law in Focus
Governor Kathy Hochul has made it clear that cybersecurity isn’t optional—it’s mandatory. The legislation, known as S.7672A/A.6769A, was first unveiled during her 2025 State of the State address and was signed into law on June 27, 2025.
Here’s what’s required under the new cybersecurity law in New York State:
- Cybersecurity incidents must be reported to the NYS Division of Homeland Security and Emergency Services (DHSES) within 72 hours.
- Ransomware payments must be reported within 24 hours. Within 30 days, the victim must also detail the payment amount, justification, and legal diligence.
This transparency framework arms state agencies with real‑time data to detect trends fast and protect critical infrastructure more effectively.
Bolstering Readiness: Training & Standards
Beyond reporting, the law mandates:
- Annual cybersecurity awareness training for all government employees across New York State.
- Clear data protection standards for state‑maintained systems.
As Dru Rai, Chief Information Officer, emphasized:
“Under Governor Hochul’s leadership, New York is showing the rest of the nation how to skillfully and thoroughly enhance the cybersecurity posture…”
Voices from the Field
- Governor Hochul: “This legislation strengthens our response and provides… the necessary information to handle reports of attacks and keep New Yorkers safe.”
- Jackie Bray, DHSES Commissioner: “New York State is leading the way in cybersecurity threat and ransomware reporting.”
- Colin Ahern, Chief Cyber Officer: “We are stronger together, enabling coordinated response and information sharing, and serving as a blueprint for the nation.”
Why the Law Matters: Real-World Impact
This is more than just bureaucracy—it’s resilience in action. Ransomware threats are evolving toward faster, more destructive attacks. Mandating rapid reporting and accountability ensures a coordinated, statewide response—minimizing disruptions and preventing cascading failures in essential services.
Plus, annual training and clear standards ensure that government teams aren’t just reactive—they’re proactive.
Opportunities for Tech Providers: IT Consulting NYC & Cybersecurity Services
The new law opens the door for NYC cybersecurity, IT consulting, IT support, and IT services firms to step in and help:
- Implement systems for 24/72-hour incident reporting to DHSES.
- Offer cyber awareness training and data protection audits.
- Optimize controls and automate vulnerability monitoring to ensure compliance.
Local IT consulting providers can tailor solutions to meet municipal needs, making this a prime moment for partnerships.
Conclusion: Strategy Beyond the Headlines
This legislation is a milestone—a living firewall around New York’s digital heart. By empowering DHSES with real-time incident data, enforcing training, and setting clear standards, the state is making cybersecurity everyone’s business.
The future is collaborative: government agencies, local municipalities, and the IT services community must work hand in hand. Together, they’ll safeguard critical infrastructure, support rapid response, and elevate New York as a national model of digital defense.