Lawmakers reached an agreement on bipartisan cyber incident reporting legislation that includes ICBA-advocated updates to avoid excessive burdens on community banks.
Background: Based on the Cyber Incident Reporting Act (S. 2875), the amendment to the fiscal 2022 National Defense Authorization Act would:
Establish a cyber incident response office at the Cybersecurity and Infrastructure Security Agency.
Require critical infrastructure, including financial institutions, to report cyber incidents within 72 hours.
ICBA-Backed Changes: As ICBA advocated in a letter to lawmakers last month, the legislation:
Directs CISA to rapidly share information on cyber threats.
Requires reporting of “substantial” cyber incidents, not potential or minor incidents.
Requires CISA to harmonize regulations to avoid duplicative reporting requirements.
Directs CISA to account for the size and complexity of cyber incidents in imposing penalties.
Includes liability protections.
Requires CISA to include trade associations in its rulemaking outreach.
What’s Next: The amendment will be considered by the House and Senate conference committee, which is meeting to resolve differences between the two chambers’ versions of the NDAA. Once a final compromise is agreed to, the legislation will be voted on for final passage.