ICBA seeks updates to cyber reporting bill

ICBA advocated updates to bipartisan legislation that would create a cyber incident reporting regime to avoid excessive burdens on community banks.

Background: The Cyber Incident Reporting Act (S. 2875) would establish a cyber incident response office at the Cybersecurity and Infrastructure Security Agency and require critical infrastructure, including financial institutions, to report cyber incidents within 72 hours.

ICBA Position: In a letter to lawmakers, ICBA:

• Expressed support for the bill’s goal of improving information sharing between CISA and the private sector and harmonizing the regime with existing regulations.
• Advocated loosening the 72-hour reporting timeline, expanding public-private information sharing, and removing duplicative penalties.

Next: The act is one of three bipartisan cyber incident reporting bills lawmakers are considering for inclusion in the 2022 National Defense Authorization Act.