EsqSocial

On April 4, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published for public comment a long-awaited proposed rule to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”).1 CIRCIA was signed into law on March 15, 2022 and requires covered entities to report “significant” cyber incidents within 72 hours and ransomware payments within 24 hours. Under the new law, covered entities are also subject to supplemental reporting requirements and...
By: King & Spalding