States are introducing bans on ransomware payments by public agencies that get hit by this increasingly common cyberattack. This is an attempt to remove the low hanging fruit, typically municipalities have limited and poor security, which have made them easy targets.
North Carolina was the first state to enact such a law, in Nov. 2021. A similar bill in Florida which awaits the governor’s signature.
Pennsylvania and New York are also looking to introduce such legislation. One goal of these laws is to curb ransomware attacks on local governments by reducing the financial gain.
These laws will forcibly prompt local governments to beef up cybersecurity defenses. Though many of them lack the budget and staff to adequately respond to ransomware attacks and rely on the state for help.
So, state cybersecurity budgets will likely need to grow accordingly. The recent infrastructure bill included $1 billion of cybersecurity funding from the feds for state and local governments, which will also boost cyber defenses.
There is a potential loophole, though. While these laws restrict governments from negotiating directly with hackers and using taxpayer dollars to pay ransoms, they may still be able to have their insurers or other third parties pay the money…
Our government at work.