This bill mandates that businesses classified as "sensitive," which includes those in the financial, essential infrastructure, and healthcare sectors, develop and implement comprehensive cybersecurity programs. The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) will establish regulations that outline the standards for these programs, including identifying responsible individuals, conducting risk assessments, and maintaining awareness of cyber threats. Sensitive businesses are required to submit their cybersecurity plans, which will not be publicly disclosed, to the NJCCIC, and must ensure their plans align with recognized cybersecurity frameworks.
Additionally, the bill stipulates that sensitive businesses must revise their cybersecurity programs in accordance with updates to the established frameworks and submit annual certifications of compliance to the NJCCIC. If a business fails to comply, it will be subject to an audit by an independent cybersecurity firm at its own expense. The provisions of the bill will take effect immediately, with specific regulations becoming enforceable 90 days after their adoption.