This bill mandates that businesses classified as "sensitive," which includes those in the financial, essential infrastructure, and healthcare sectors, develop and implement comprehensive cybersecurity programs. The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) will establish regulations that outline the standards for these programs, including the identification of responsible individuals, conducting risk assessments, and maintaining awareness of cyber threats. Sensitive businesses are required to submit their cybersecurity plans, which will not be publicly accessible, to the NJCCIC, and must update their plans to align with the latest industry-recognized cybersecurity frameworks.
Additionally, the bill stipulates that sensitive businesses must certify their compliance with these cybersecurity requirements annually, with the certification signed by a responsible corporate officer or equivalent authority. If a business fails to submit the required plans or certifications, the NJCCIC is authorized to conduct an audit at the business's expense. The provisions of the bill will take effect immediately, although the specific requirements for developing cybersecurity programs will commence 90 days after the adoption of the relevant regulations.