CCAO published County Advisory Bulletin 2025-13, County Cybersecurity Programs, today. The bulletin outlines several changes made in House Bill 96, the state operating budget, regarding cybersecurity procedures and programs for local governments.

HB 96 adds definitions of “cybersecurity incident” and “ransomware incident” to the Revised Code; creates new reporting requirements in the event of an incident; requires all counties and other political subdivisions to implement a cybersecurity program; and requires the legislative authority of the county to formally approve a payment or compliance with a ransom demand in a resolution.

If you have questions regarding the new cybersecurity requirements or the CAB, please contact Outreach & Member Engagement Manager Rachel Reedy at rreedy@ccao.org or Research Analyst Nick Ciolli at nciolli@ccao.org.