ICBA-backed updates included in cyber reporting bill

Lawmakers reached an agreement on bipartisan cyber incident reporting legislation that includes ICBA-advocated updates to avoid excessive burdens on community banks.

Background: Based on the Cyber Incident Reporting Act (S. 2875), the amendment to the fiscal 2022 National Defense Authorization Act would:

Establish a cyber incident response office at the Cybersecurity and Infrastructure Security Agency.
Require critical infrastructure, including financial institutions, to report cyber incidents within 72 hours.

ICBA-Backed Changes: As ICBA advocated in a letter to lawmakers last month, the legislation:

Directs CISA to rapidly share information on cyber threats.
Requires reporting of “substantial” cyber incidents, not potential or minor incidents.
Requires CISA to harmonize regulations to avoid duplicative reporting requirements.
Directs CISA to account for the size and complexity of cyber incidents in imposing penalties.
Includes liability protections.
Requires CISA to include trade associations in its rulemaking outreach.

What’s Next: The amendment will be considered by the House and Senate conference committee, which is meeting to resolve differences between each chamber’s versions of the NDAA. Once a final compromise is agreed to, the legislation will be voted on for final passage.

ICBA-backed updates included in cyber reporting bill

NewsWatch Today Contacts

Independent Community Bankers of America

ICBA-backed updates included in cyber reporting bill

NewsWatch Today Contacts

Related News

CFPB Penalty Against VyStar Credit Union Exemplifies Consumer Impact of Tax-Exempt Industry’s Lagging Regulatory Oversight

Independent Banker: Faster payments don’t have to lead to faster fraud

ICBA shares tips for Cybersecurity Awareness Month

ICBA Shares Consumer Tips to Protect Financial Data During Cybersecurity Awareness Month