For many organizations, cybersecurity has traditionally been viewed as an IT responsibility. Ohio House Bill 96 makes it clear that it’s also a governance and business responsibility. The new law establishes cybersecurity requirements for Ohio public entities and organizations that receive government funding.
While the specifics vary by organization, the message is consistent: cybersecurity readiness is mission-critical. For leaders, the question isn’t simply, “Are we compliant?” It’s, “Are we prepared?”
Ohio House Bill 96 requires covered organizations to adopt a formal cybersecurity program designed to protect their systems, data and technology resources. The law also establishes cybersecurity incident reporting requirements, outlines expectations for responding to ransomware incidents and reinforces the importance of employee cybersecurity awareness and training.
Basically, organizations are expected to build programs that align with recognized cybersecurity best practices rather than relying on informal policies or reactive responses.
While many organizations already have security tools in place, HB 96 shifts the conversation beyond technology. Policies, governance, documentation and ongoing risk management are all part of the equation.
HB 96 applies to Ohio political subdivisions, including counties, cities, villages, townships and school districts. It also has important implications for organizations that receive government funding or work closely with public entities, many of which are evaluating how the new requirements may affect their cybersecurity programs and contractual obligations.
Even organizations that are not directly subject to the law may find themselves strengthening security practices as cybersecurity expectations continue to evolve.
Meeting the requirements of HB 96 is important, but compliance alone should not be the only goal. A strong cybersecurity program helps organizations identify risks, respond more effectively to incidents and better protect the information entrusted to them. It also creates greater confidence among employees, governing boards, community stakeholders and funding partners.
Rather than viewing HB 96 as another regulatory hurdle, organizations can use it as an opportunity to evaluate their current cybersecurity posture, identify gaps and develop a roadmap for continuous improvement.
After all, cybersecurity is an ongoing process of assessing risk, strengthening safeguards and adapting to an evolving threat landscape.
If your organization is still determining what HB 96 means or where to begin, you're not alone.
DMC Technology Group is helping organizations understand the new requirements, evaluate their current cybersecurity readiness and develop practical strategies for moving forward. The goal should be to build a stronger foundation for long-term security and resilience.
Find out what Ohio House Bill 96 means for your organization and the practical steps you can take to strengthen compliance and cybersecurity readiness. DMC is hosting a lunch-and-learn: Ohio HB 96 Compliance, Risk & Readiness, Friday. July 10, 11:30 a.m. – 1:00 p.m.
The session will feature cybersecurity expert John Crisp, founder of FalconForgeAI, and explore how organizations can prepare for the new requirements, reduce risk and leverage AI-powered tools to support ongoing compliance efforts.
Whether you're just beginning your planning process or refining an existing cybersecurity program, you'll leave with practical insights you can put to work immediately. Register today.
President, DMC Technology Group
