The bill proposes the enactment of section 9.64 of the Revised Code, which mandates that political subdivisions in Ohio adopt a comprehensive cybersecurity program. This program is designed to safeguard the data and information technology resources of these subdivisions, ensuring their availability, confidentiality, and integrity. The legislation defines key terms such as "cybersecurity incident," "political subdivision," and "ransomware incident," and outlines the responsibilities of political subdivisions in the event of a ransomware incident, including the requirement for legislative authority approval before any ransom payment is made.

Additionally, the bill stipulates that the legislative authority of each political subdivision must develop a cybersecurity program that aligns with best practices, including those from the National Institute of Standards and Technology and the Center for Internet Security. The program must include measures for identifying critical functions and risks, detecting potential threats, establishing communication channels during incidents, and providing cybersecurity training for employees. Furthermore, the bill requires that any cybersecurity incidents be reported to the Division of Homeland Security and the Auditor of State within specified timeframes, and it establishes that related records are not considered public records.