On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make ransom payments in relation to a cybersecurity incident. While the rule will inevitably change following the notice and comment period, the proposed rule represents the overall approach that CISA will take when it promulgates a final rule.
Originally published by Law360 - May 8, 2024.
Please see full publication below for more information.