On March 15, 2022, The Cybersecurity Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law, and mandates that certain entities notify federal authorities within 72 hours of being subject to a cyber incident and within 24 hours after making certain types of ransomware payments. While the Cybersecurity and Infrastructure Security Agency (CISA) works on implementing regulations per the legislation, businesses should begin assessing whether their incident response plans (IRP) align with the law’s key provisions. This article summarizes CIRCIA’s most burdensome obligations and provides guidance on the initiatives that businesses can incorporate into their IRPs to comply with the law and minimize their cybersecurity risk.
The article was published by Law360, a legal news service that delivers newsletters to more than two million daily readers’ inboxes covering over 60 practice areas and industries.
For more information visit our Cyber Risk page or contact:
Steven G. Stransky
Partner, Co-Chair, Privacy & Cybersecurity
Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.