This bill mandates that municipalities, counties, and school districts in New Jersey report cybersecurity incidents. It requires the Attorney General, in collaboration with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), to create an online reporting form for designated employees of these entities to use when they become aware of a cybersecurity incident that compromises the integrity, confidentiality, or availability of their information systems. The bill outlines specific criteria for what constitutes a cybersecurity incident and establishes a timeline for reporting and auditing these incidents.

Once a cybersecurity incident is reported, the NJCCIC must contract with an independent cybersecurity company to conduct an audit of the affected entity's cybersecurity program and response actions within 30 days. The audit will identify vulnerabilities and recommend strategies for improvement, and the costs will be covered by the Department of Law and Public Safety. Additionally, the bill stipulates that any information related to the reported incidents and audits will be exempt from disclosure under the Open Public Records Act, ensuring confidentiality for the municipalities, counties, and school districts involved.