This bill mandates that municipalities, counties, and school districts in New Jersey report cybersecurity incidents. It requires the Attorney General, in collaboration with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), to create an online reporting form for designated employees of these entities to use when they become aware of a cybersecurity incident that compromises the integrity, confidentiality, or availability of their information systems. The bill outlines specific criteria for what constitutes a reportable incident and establishes a timeline for reporting.

Upon receiving a report, the NJCCIC must contract with an independent cybersecurity company within 30 days to audit the affected entity's cybersecurity program and response actions. The audit, which will be funded by the Department of Law and Public Safety, will identify vulnerabilities and recommend strategies for improvement. Additionally, the bill stipulates that any information related to the reported incidents and audits will be exempt from disclosure under the Open Public Records Act, ensuring confidentiality for the entities involved.