The federal government is planning to require certain businesses to report when they are victims of cyberattacks. CISA’s proposed rule would require a critical infrastructure company (a covered entity) to report to CISA within 72 hours after that entity experiences a substantial cyber incident (a covered event).
CISA estimates the rule would cost around $2.6 billion over 11 years. Cybercrime is estimated to cost the United States over $450 billion in 2024