MS SB2717

Requires Mississippi Department of Information Technology Services (MDITS) to evaluate opportunities for expanding the Enterprise Security Program to include governing authorities and complete evaluation by November 1, 2023.

Mandates all state agencies report any ransomware demands or payments to MDITS no later than the next business day following discovery, effective July 1, 2023.

Defines "ransomware" as unauthorized computer contaminant or lock that restricts access and where the responsible party demands payment to restore access or remediate the impact.

Requires MDITS to develop a reporting format for agencies, analyze reports for patterns and weaknesses, and present yearly summaries of ransomware incidents to state leadership by November 1 each year.

Exempts evaluation records and ransomware reports from the Mississippi Public Records Act to protect sensitive cybersecurity information.