The 72-hour rule requires covered entities to notify the DFS Cybersecurity Division within 72 hours of determining that a cybersecurity event has occurred that has a reasonable likelihood of materially harming normal business operations or requires reporting under any law. Notification is submitted through the DFS portal. The 72-hour clock starts when the covered entity determines the event meets the reporting threshold.
Keep Exploring