This bill mandates that municipalities, counties, and school districts in New Jersey implement specific procedures, reporting mechanisms, and training in response to cybersecurity incidents. The Attorney General, in collaboration with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), is tasked with developing an online reporting form and a cybersecurity awareness training program for designated employees of these entities. Upon awareness of a cybersecurity incident, these employees must promptly report the incident using the online form if it compromises critical functions of their information systems. The NJCCIC is required to contract with an independent cybersecurity company to conduct an audit of the affected entity's cybersecurity program and response actions within 30 days of the incident report.

Furthermore, the bill stipulates that all municipal, county, and school district employees must complete the cybersecurity awareness training program within six months of an audit, with verification of completion reported to the NJCCIC. The governing bodies are also required to conduct periodic audits to ensure compliance with the training requirements. Additionally, municipalities, counties, and school districts can apply for reimbursement from the Department of Law and Public Safety for costs incurred under the bill's provisions. Importantly, any information related to reported cybersecurity incidents, audits, and training is exempt from disclosure under the Open Public Records Act.