Cybersecurity Reporting: Examples of Incidents to Report


Overview

  • Below are common categories of cybersecurity incidents and representative examples that must be reported by municipal corporations and public authorities.
  • Please note that this is a non-exhaustive list and is not a complete representation of all possible reportable incidents.
  • Specific reporting requirements and a definition of cybersecurity incident can be found in Article 19-c of the General Business Law.

Account Compromise

What It Is: When an unauthorized party gains access to a user’s account or is able to act on their behalf.

What to Report: Any employee credentials that are obtained and used by an unauthorized party to access accounts, systems or data.


Data Disclosure

What It Is: Unauthorized disclosure of sensitive, confidential, and/or personal information.

What to Report: Any instance where sensitive, confidential, and/or personal information has been disclosed to an unauthorized party, whether inadvertently or as part of a security breach.


Denial of Service (DoS/DDoS/TDoS)

What It Is: An attack intended to disrupt, degrade or exhaust the resources of a system, network, or service, making it slow, unreliable, or completely unavailable to its intended users.

What to Report: Any attacks that interrupt, degrade, or deny normal operation of systems, networks, or services.


Fraudulent / Unauthorized Transaction

What It Is: Financial transactions resulting in the misdirection of funds to an unintended account due to fraudulent, deceptive, or unauthorized activity.

What to Report: Any financial transaction misdirected to an unintended account as a result of phishing, social engineering, system compromise, or similar manipulation, regardless of whether the transaction was authorized or initiated internally.


Malicious Network Activity

What It Is: Any unauthorized or harmful behavior that occurs over a computer network with the intent to compromise, disrupt, or misuse systems, data, or network resources.

What to Report: Any attacks or attempts that disrupt, alter, damage, or gain unauthorized access to systems, networks, or data.


Malware/Virus

What It Is: Malicious software designed to disrupt, alter, damage, or gain unauthorized access to computer systems.

What to Report: Any malware that successfully executes, evades security controls, or modifies system configurations, applications, or data.


Operational Technology Compromise

What It Is: Any unauthorized physical or logical access to, or interference with, hardware or software systems that interact with the physical environment through the monitoring and/or control of devices, processes, and events.

What to Report: Any disruption or anticipated disruption of physical processes, damage to equipment, and/or threats to human safety and/or the environment.


Phishing

What It Is: Attempts to trick users into revealing information, such as financial information, system login credentials, or other sensitive information, or to take actions that result in harm to systems or data.

What to Report: Any successful phishing attempt or scam that bypasses security defenses and results in a compromise of accounts, systems, or data.


Ransomware

What It Is: Malicious software designed to encrypt files on a device, rendering both the files and any systems that rely on them inoperable.

What to Report: Any ransomware-related activity, including pre-ransomware activity, regardless of whether encryption occurs, and/or any activity involving data exfiltration.


Unauthorized Access

What It Is: Any attempt to access systems, networks, or data without proper authorization.

What to Report: Any confirmed instance where unauthorized access has been achieved by defeating, bypassing, or otherwise circumventing established authentication or security controls.