New Minnesota Law Mandates Cyberattack Reporting by Public Agencies

Minnesota has enacted a new law requiring public agencies and their contractors to report cybersecurity incidents to state IT officials. This measure aims to enhance the state’s preparedness and response to growing cyber threats.

Published on December 4, 2024

cybersecurity
Two technology professionals work diligently in a bright office setting, one focusing on a laptop while the other engages with a large monitor, coding together.

Minnesota has enacted a new law requiring public agencies and their contractors to report cybersecurity incidents to state IT officials. This measure, which went into effect on December 1, 2024, aims to enhance the state’s preparedness and response to growing cyber threats.

Who Must Comply?

The law applies to a broad range of entities, including:

  • Public agencies at the state, county, city, and township levels
  • School districts, charter schools, intermediate districts, and cooperative units
  • Public post-secondary institutions
  • Government contractors and vendors

These organizations must use a standardized reporting form, available since September 30, 2024, to submit incidents to Minnesota IT Services (MNIT).

Using Data to Prevent Future Attacks

MNIT and the Minnesota Bureau of Criminal Apprehension will analyze the collected data to identify trends and common vulnerabilities. These insights will help the state anticipate and prevent future cybersecurity incidents.

Eric Simmons, Director of Technology at Stillwater Area Public Schools, highlighted the importance of the new mandate, stating:

“Schools are prime attack targets, yet many lack the resources to respond effectively. Minnesota’s cybersecurity incident reporting law highlights the critical collaboration between MNIT and school districts to combat growing cyber threats.”

A Part of Minnesota’s Broader Cybersecurity Efforts

This law builds on Minnesota’s first-ever statewide cybersecurity plan, introduced in 2023 with nearly $24 million in state and federal funding. The plan aimed to strengthen the cyber defenses of more than 3,000 government entities across the state.

MNIT has committed to providing ongoing updates and guidance to ensure compliance with the reporting requirements, furthering its mission to safeguard Minnesota’s digital infrastructure.

For more information and access to the reporting form, visit Minnesota IT Services.