This bill mandates that municipalities, counties, and school districts in New Jersey implement specific procedures, reporting mechanisms, and training in response to cybersecurity incidents. The Attorney General, in collaboration with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), is tasked with developing an online reporting form and a cybersecurity awareness training program for designated employees of these entities. When a cybersecurity incident occurs, the designated employee must promptly report it using the online form if it compromises critical functions or information systems. Following the report, the NJCCIC is required to contract an independent cybersecurity company to audit the affected entity's cybersecurity program and response actions within 30 days.

Additionally, the bill stipulates that all relevant employees must complete the cybersecurity awareness training program within six months of an audit, with verification of completion reported to the NJCCIC. The governing bodies of municipalities, counties, and school districts are also required to conduct periodic audits to ensure compliance with the training requirements. The bill allows these entities to apply for reimbursement of costs incurred due to its requirements and ensures that any information related to reported incidents, audits, and training is exempt from public disclosure under the Open Public Records Act.