ICBA advocated updates to bipartisan legislation that would create a cyber incident reporting regime to avoid excessive burdens on community banks.
Background: The Cyber Incident Reporting Act (S. 2875) would establish a cyber incident response office at the Cybersecurity and Infrastructure Security Agency and require critical infrastructure, including financial institutions, to report cyber incidents within 72 hours.
ICBA Position: In a letter to lawmakers, ICBA:
- Expressed support for the bill’s goal of improving information sharing between CISA and the private sector and harmonizing the regime with existing regulations.
- Advocated loosening the 72-hour reporting timeline, expanding public-private information sharing, and removing duplicative penalties.
Next: The act is one of three bipartisan cyber incident reporting bills lawmakers are considering for inclusion in the 2022 National Defense Authorization Act.