U.S. Lawmakers Push for Laws Requiring Increased Reporting of Ransomware Attacks
Despite the magnitude of the problem, most states don’t have such statutory requirements, so they can’t always warn other agencies that might be hit or help bolster their defenses.
Facing an overall lack of statutory requirements, state legislators around the country are introducing bills requiring public agencies to report cyberattacks to their state governments, warning other agencies that they might be hit and potentially helping them to bolster their defenses, reports Pew Stateline.
While all 50 states have security breach notification laws that require businesses to report a data breach to consumers whose personal information was compromised, and many also require government entities to do the same, as well as report such breaches to the attorney general’s office or state information technology office, ransomware and other cyberattacks don’t always involve a release of personal information, so they may not have to be reported. No one has complete data showing how many state and local governments are victimized in ransomware attacks. If reporting were required in all 50 states, it would allow state cybersecurity officials to offer locals assistance with training and other resources.