Preparing For New Mandatory Cyber Reporting Rules

Date: March 28, 2022

Publication: Law360

Steven G. Stransky (Thompson Hine) and Lacy Rex (Oswald Companies) recently published on Law360 an article, “Preparing For New Mandatory Cyber Reporting Rules,” which can be accessed in full here.

On March 15, 2022, The Cybersecurity Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law, and mandates that certain entities notify federal authorities within 72 hours of being subject to a cyber incident and within 24 hours after making certain types of ransomware payments. While the Cybersecurity and Infrastructure Security Agency (CISA) works on implementing regulations per the legislation, businesses should begin assessing whether their incident response plans (IRP) align with the law’s key provisions. This article summarizes CIRCIA’s most burdensome obligations and provides guidance on the initiatives that businesses can incorporate into their IRPs to comply with the law and minimize their cybersecurity risk.

The article was published by Law360, a legal news service that delivers newsletters to more than 2 million daily readers’ inboxes covering over 60 practice areas and industries.

Steven G. Stransky is a partner and co-chair of Thompson Hine’s Privacy & Cybersecurity group. He is also an adjunct law professor at Frederick K. Cox International Law Center at Case Western Reserve University School of Law, where he teaches courses on foreign affairs, national security and constitutional war powers.

Lacy Rex is Vice President, Cyber Strategic Leader at Oswald Companies and has over 13 years of experience in the insurance industry, and concentrates on executive risk coverages. She focuses on cyber liability and technology errors and omissions liability lines of coverage. She works closely with carriers to draft policy enhancements and frequently speaks and blogs about cyber liability topics.

For more information contact:

Steven G. Stransky