Proposed rule to require reporting of cyberattacks, ransomware payments
The Cybersecurity and Infrastructure Security Agency announced a notice of proposed rulemaking to implement a 2022 law requiring financial institutions and other “critical infrastructure” businesses to report cyber incidents and ransomware payments.