Members Only Article

Cyber Incident Reporting Rules: It’s Still a Journey

April 24, 2026 | 5 minutes reading time | By David Weldon

The national cybersecurity agency takes its show on the (virtual) road. A financial industry coalition makes appeal to the SEC.

Cybersecurity risks are constant and, if anything, escalating. Yet rules for incident reporting, prioritized by regulators and largely endorsed in the private sector, remain contentious in their application.

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was the subject of a series of virtual town halls in March and April as the Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, sought to explain (or sell) impending compliance requirements to covered industries.

The objective is to “rapidly share actionable information to protect others,” CISA’s Nick Andersen said in announcing the programs. “Stakeholder input is critical as we finalize this rule to strengthen our collective defense. CISA is committed to delivering a framework that appropriately balances its impact on improving our nation’s cybersecurity posture with avoiding unnecessary burden to entities in critical infrastructures.”

Acting CISA Director Nick Andersen

The financial industry and registered corporations have already been – and are still going – down that road, dealing with a...

to access this content.

Become a GARP Member to Unlock Exclusive Risk Insights and More!

  • Access timely articles, thought leadership, and an archive of on-demand webcasts, event recordings, and Chapter meeting presentations in our Member Multimedia Library.
  • Get regulatory capital data for global and regional banks in North America, Europe, Asia, and Africa through our Pillar 3+ data analytics platform from the GARP Benchmarking Initiative (GBI®).
  • Gain priority registration to attend any worldwide Chapter meeting for free, as well as preferential rates for GARP events and access to local members-only dinners and professional networking opportunities.
  • Receive comprehensive access via our digital GARP Learning platform to the latest curriculum readings, videos, end of chapter practice questions, and more for the program(s) of which you passed the exam(s).

Topics: Cybersecurity, Regulation & Compliance, Resilience

Share

Related Insights

Article

Compliance Is the New Standard of Resilience

March 27

Regulatory expectations are rising, and they go beyond just setting po...

Regulation & Compliance, Cybersecurity, Resilience, Third Party Risk
Read Article
Article Members Only

Global Investment Performance Standards: Widely Adopted But in Some Places a Tough Sell

March 6

Recent efforts are aimed at reeling in alternative asset managers and ...

Market, Investment Management, Data, Regulation & Compliance
Read Article
Article

From 'Cyber-Aware' to 'Risk-Intelligent' Boards: The Strategic Governance Nexus

March 20

Three systemic failures in 2024 revealed a critical governance blind s...

Enterprise, Cybersecurity, Resilience
Read Article