Mason Clark


After years of legislative debate, Congress passed a new law requiring key businesses to report certain data breaches—or “covered incidents”—to the government. Signed by President Biden on March 15, 2022, the law, part of the Strengthening American Cybersecurity Act, requires companies that operate critical infrastructure—financial institutions, utilities, and other organizations—to share information with the Cybersecurity and Infrastructure Security Agency (CISA) about certain cybersecurity incidents within 72 hours and ransomware payments to cyber criminals within 24…