Covered entities must notify DFS within 72 hours of a cybersecurity event that has a reasonable likelihood of materially harming normal operations or that requires reporting under other laws. Covered entities must also notify DFS within 24 hours of making a ransom payment and provide details within 30 days. Third-party cybersecurity events affecting the covered entity must also be reported within 72 hours.
Keep Exploring
References