Expert: NYS ‘Late to the Party’ on Cybersecurity

By Thomas Montana

This has been updated on August 5 with information from Senator Monica R. Martinez.

A local cybersecurity expert says New York has waited too late to address the cybersecurity threat.

Ed Eisenstein, Chief Executive Officer at United Network Associates, believes that New York is behind in its cybersecurity efforts. This is coming after Governor Kathy Hochul announced today that legislation aimed at enhancing cybersecurity across New York, is now in effect.

“I mean NY state leading the cyberwar. Talk about late to the party,” said Eisenstein. “After trillions are stolen and after 20 years of active cyberattacks, now NY state government wants to help. It’s a little late.”

“Here in New York, we are keeping up with technology’s fast-paced evolution and are resilient in the face of cybersecurity threats,” Hochul said. “This legislation strengthens our response and provides our state’s Department of Homeland Security and Emergency Services the necessary information to handle reports of attacks and keep New Yorkers safe.”

The bill, which was first announced in Hochul’s 2025 State of the State address, requires all municipal corporations and public authorities to report cybersecurity incidents within 72 hours and ransomware payments within 24 hours to the New York State Division of Homeland Security and Emergency Services. Within 30 days of making a ransomware payment, the victim must provide the payment amount, a justification for why it was necessary and an explanation of the diligence performed to ensure the payment was lawful.

“Protecting the public is government’s most important responsibility, but attacks on critical infrastructure put essential services and the people who rely on them at risk,” said State Senator Monica R. Martinez, who sponsored the bill. “This bill gives municipalities the structure, support, and accountability they need to protect residents and taxpayers from prolonged disruption in the event of a cyberattack.”

However, Eisenstein questions the timeliness of Hochul’s announcement. Eisenstein implored local and state governments to run vulnerability scans on their cyber infrastructure immediately.