Is Your Company Prepared for the New Cyber Incident Reporting Requirements?

Michael J. Montalbano

Stay up to date by subscribing to our blog. Add your e-mail address to the Subscribe box on the right (below the post on mobile) to get our timely posts delivered directly to your inbox.

On March 11, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The Law includes new reporting requirements for companies who experience cyber incidents or make ransomware payments.

Under the Law, covered entities that experience covered cyber incidents must report the incident to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours after the covered entity reasonably believes that a covered cyber incident has occurred. Covered entities must also notify CISA within 24 hours of making a ransomware payment.

The new cyber reporting law tasks CISA with creating more precise definitions for who constitutes a “covered entity” and what constitutes a “cyber incident.” Even the general language of the statute, however, provides some guidance for companies.

Continue reading “Is Your Company Prepared for the New Cyber Incident Reporting Requirements?”
%d bloggers like this: