This bill mandates that municipalities, counties, and school districts in New Jersey implement specific procedures, reporting mechanisms, and training in response to cybersecurity incidents. The Attorney General, in collaboration with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), is tasked with developing an online reporting form and a cybersecurity awareness training program for designated employees of these entities. Upon awareness of a cybersecurity incident, these employees must promptly report the incident using the online form if it compromises critical functions of their information systems. The NJCCIC is required to contract an independent cybersecurity company to audit the affected entity's cybersecurity program and response actions within 30 days of the incident report.

Additionally, the bill stipulates that all relevant employees must complete the cybersecurity awareness training program within six months of an audit, with verification of completion reported to the NJCCIC. The governing bodies of municipalities, counties, and school districts are also required to conduct periodic audits to ensure compliance with the training requirements. Entities may apply for reimbursement of costs incurred under the bill, and any information related to reported incidents, audits, and training will be exempt from public disclosure under the Open Public Records Act.