Media Center


Preparing For New Mandatory Cyber Reporting Rules

Lacy Rex and Steven G. Stransky April 13, 2022

Lacy Rex of Oswald Companies and Steven G. Stransky of Thompson Hine recently published on Law360 an article, “Preparing For New Mandatory Cyber Reporting Rules,” which can be accessed in full here.

On March 15, 2022, The Cybersecurity Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law, and mandates that certain entities notify federal authorities within 72 hours of being subject to a cyber incident and within 24 hours after making certain types of ransomware payments. While the Cybersecurity and Infrastructure Security Agency (CISA) works on implementing regulations per the legislation, businesses should begin assessing whether their incident response plans (IRP) align with the law’s key provisions. This article summarizes CIRCIA’s most burdensome obligations and provides guidance on the initiatives that businesses can incorporate into their IRPs to comply with the law and minimize their cybersecurity risk.

The article was published by Law360, a legal news service that delivers newsletters to more than two million daily readers’ inboxes covering over 60 practice areas and industries.

Read full Article button

For more information visit our Cyber Risk page or contact:

Lacy RexLacy Rex
Cyber Strategic Leader
Oswald Companies



Steven G. StranskySteven G. Stransky
Partner, Co-Chair, Privacy & Cybersecurity
Thompson Hine



Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.