A new Florida law requires state and local government agencies to report to the state’s Cybersecurity Operations Center any ransomware incident within 12 hours; and any emergency-level, severe-level, or high-level cybersecurity incident – within 48 hours.
Such reports must specify at least the following information:
- A summary of the facts surrounding the incident.
- The date of the last data backup, the physical location of the backup, whether the backup was affected, and whether the backup was created using cloud computing.
- The types of data compromised by the incident.
- The estimated fiscal impact of the incident.
- In case of a ransomware incident, the details of the ransom demanded.
Agencies are also required to develop strategic and operational cybersecurity plans and establish managerial, operational, and technical safeguards for protecting the confidentiality, integrity, and availability of information and data.
CLICK HERE to read Florida’s new cybersecurity act.