January 31, 2023

Mandatory Cyber Reporting in Omnibus Bill

The cyber reporting legislation would require private companies to report cybersecurity incidents to CISA and with bipartisan support has been attached to an omnibus spending bill set for consideration in the Senate Thursday following House passage. Critical infrastructure entities would be required to report a “reasonable belief” a cybersecurity incident within 72 hour, some ransomware payments within 24 hours.