MS SB2703

Defines "ransomware incident" as a malicious cyberattack where unauthorized software gains access to or encrypts state agency data, followed by a demand for ransom to restore access or prevent publication of the data.

Prohibits state agencies from paying any ransom demand in response to a ransomware incident.

Requires all state agencies to notify the Mississippi Department of Information Technology Services of any cyberattack or ransomware incident no later than the close of the next business day after discovery.

Directs MDITS to develop a reporting format for notifications and periodically analyze reports to identify patterns or weaknesses in the state's cybersecurity efforts.

Takes effect July 1, 2024.