This bill mandates that municipalities, counties, and school districts in New Jersey implement specific procedures, reporting mechanisms, and training programs in response to cybersecurity incidents. The Attorney General, in collaboration with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), is tasked with developing an online reporting form and a cybersecurity awareness training program. Designated employees of these entities must promptly report any cybersecurity incidents that compromise their information systems or infrastructure. Following a report, the NJCCIC is required to contract an independent cybersecurity company to conduct an audit of the affected entity's cybersecurity program and response actions within 30 days.

Additionally, the bill stipulates that all relevant employees must complete the cybersecurity awareness training program within six months of an audit, with verification of completion required. The governing bodies of municipalities, counties, and school districts must ensure compliance through periodic audits. They may also seek reimbursement from the Department of Law and Public Safety for costs incurred under the bill's requirements. Importantly, any information related to reported cybersecurity incidents, audits, and training programs will be exempt from disclosure under the Open Public Records Act, ensuring confidentiality in these sensitive matters.