Minnesota has enacted a new law requiring public agencies and their contractors to report cybersecurity incidents to state IT officials. This measure, which went into effect on December 1, 2024, aims to enhance the state’s preparedness and response to growing cyber threats.
Who Must Comply?
The law applies to a broad range of entities, including:
- Public agencies at the state, county, city, and township levels
- School districts, charter schools, intermediate districts, and cooperative units
- Public post-secondary institutions
- Government contractors and vendors
These organizations must use a standardized reporting form, available since September 30, 2024, to submit incidents to Minnesota IT Services (MNIT).
Using Data to Prevent Future Attacks
MNIT and the Minnesota Bureau of Criminal Apprehension will analyze the collected data to identify trends and common vulnerabilities. These insights will help the state anticipate and prevent future cybersecurity incidents.
Eric Simmons, Director of Technology at Stillwater Area Public Schools, highlighted the importance of the new mandate, stating:
“Schools are prime attack targets, yet many lack the resources to respond effectively. Minnesota’s cybersecurity incident reporting law highlights the critical collaboration between MNIT and school districts to combat growing cyber threats.”
A Part of Minnesota’s Broader Cybersecurity Efforts
This law builds on Minnesota’s first-ever statewide cybersecurity plan, introduced in 2023 with nearly $24 million in state and federal funding. The plan aimed to strengthen the cyber defenses of more than 3,000 government entities across the state.
MNIT has committed to providing ongoing updates and guidance to ensure compliance with the reporting requirements, furthering its mission to safeguard Minnesota’s digital infrastructure.
For more information and access to the reporting form, visit Minnesota IT Services.