Mentor adopts cybersecurity policy to meet state requirement

City Manager Ken Filipiak told council that the ordinance implements requirements adopted earlier in the year through House Bill 96 and Section 9.64 of the Revised Code. Filipiak said the state law requires local governments to adopt policies and standards to safeguard against cybersecurity threats and ransomware, to notify the Department of Homeland Security and the state auditor in the event of an incident, and to require legislative authorization for any ransomware payment.

"What it does is it requires us to adopt policies and standards to safeguard against cybersecurity threats and ransomware attacks," Filipiak said, summarizing key elements of the state mandate. He added the policy attached to the ordinance "generally meets all those requirements" and that many provisions were already in place locally.

Council moved and seconded adoption and, by roll-call vote, approved ordinance 25-OD-091 and declared an emergency so the policy takes effect immediately.

Why it matters: The ordinance aligns the city with a new statewide statutory requirement and sets clear notice, authorization and recovery procedures for cybersecurity incidents ahead of the Jan. 1, 2026 compliance deadline.