This bill mandates that municipalities, counties, and school districts in New Jersey report cybersecurity incidents. It requires the Attorney General, in collaboration with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), to create an online reporting form for designated employees of these entities to use when they become aware of incidents that compromise the integrity, confidentiality, or availability of their information systems. The bill outlines specific criteria for when the form should be submitted and establishes a timeline for the NJCCIC to contract an independent cybersecurity company to audit the affected entity's cybersecurity program and response actions within 30 days of the incident report.

Additionally, the bill stipulates that the audit results, along with any corrective action plans, must be submitted to the NJCCIC. The costs of the audit will be covered by the Department of Law and Public Safety, and municipalities, counties, or school districts can seek reimbursement for other related expenses. Importantly, any information shared regarding the cybersecurity incidents and audits will be exempt from disclosure under the Open Public Records Act, ensuring confidentiality for the entities involved.