New York’s Expanded Efforts to Strengthen Local Government Cybersecurity

Over the last several years, New York State has significantly expanded cybersecurity measures in response to the ever-growing threat of cyberattacks against local governments. Cyberattacks have led to data breaches, ransomware threats, crippling disruptions, and major financial losses for targeted government entities. New York State Comptroller Thomas DiNapoli stated the following in 2023: “Cyberattacks are a serious threat to New York’s critical infrastructure, economy and our everyday lives. Data breaches at companies and institutions that collect large amounts of personal information expose New Yorkers to potential invasions of privacy, identity theft and fraud. Also troubling is the rise in ransomware attacks that can shut down systems we rely on for water, power, health care and other necessities. Safeguarding our state from cyberattacks requires sustained investment, coordination, and vigilance.”

Cyberattacks continue to threaten New York’s infrastructure in 2025, leading the State to implement additional protective measures. Governor Hochul’s 2025 State of the State address, delivered in January, laid out expanded initiatives to bolster cybersecurity efforts in local government entities. Among these initiatives are the mandated reporting of cyber incidents, mandatory cybersecurity awareness training for local government employees, and additional investments in the Office of Information Technology Services to improve cyber defense tools.

Mandated Reporting of Cyber Incidents

In the State of the State address, Governor Hochul announced plans for legislation requiring municipalities to report all cybersecurity incidents and ransom payment demands to the Division of Homeland Security and Emergency Services. The details and status of the proposed legislation can be found under Assembly Bill A6769. Local governments are not currently required to report such incidents to the State, leading to a gap in cybersecurity defenses. The new reporting requirements would allow the State to build a comprehensive picture of cyber threats, enabling more effective planning and responses to such risks.

Mandatory Cybersecurity Training for Government Employees

Currently, cybersecurity training is only available to executive branch employees in New York State. The governor has proposed extending mandatory cybersecurity awareness training to local governments as well. This annual training would be provided online, free of cost, to ensure equal access to local government employees across the state.

Investments in the Office of Information Technology Services

Additional investments in New York’s Office of Information Technology Services (ITS) have also been proposed as a means to continue strengthening state and local government networks against cybercrimes. The Office of Information Technology Services works to improve the resilience of government networks using advanced cyber tools.

Importance of Cybersecurity for Government Entities

Local governments are responsible for safeguarding a great deal of confidential information and critical infrastructure. As such, protecting government systems from cyber threats is of utmost importance. With cyberattacks becoming more frequent and more sophisticated every day, municipalities need to prioritize cybersecurity and employee awareness. The proposed measures discussed above, if passed, will assist local governments in their efforts against cyber threats.

For now, local governments should monitor the status of the proposed legislation and training requirements. If passed, these new mandates will require municipalities to implement updated reporting mechanisms and training procedures. Municipalities can also visit the Cybersecurity & Infrastructure Security Agency (CISA) and the NYS Office of Information Technology Services Local Government Cybersecurity webpage for access to online training, information resources, cybersecurity awareness, and cybersecurity toolkits for local governments.

While you focus on strengthening cybersecurity in your municipality, know that RBT CPAs is available to support your accounting, audit, advisory, and tax needs. We’ve been proudly serving municipalities, businesses, non-profits, and individuals in the Hudson Valley for over 55 years. Please don’t hesitate to give us a call and find out how we can be Remarkably Better Together.