Cyber Crime written on Keyboard

CISA Announces Strategic Plan and RFI Regarding Reporting Cyber Incidents

Last month the federal Cybersecurity and Infrastructure Security Agency, otherwise known as the (CISA) announced its 2023-2025 strategic plan. The CISA works with infrastructure partners to provide the nation’s cyber defense and serves as the coordinator for critical infrastructure security to address our country’s growing cyber threat.


This new development reflects an updated perspective among experts that it’s not if but when a government agency, business, or individual will face a cyber attack. Hackers are becoming more strategic, targeting vendors to access their targets and using more sophisticated tools. As a result, all business sectors are experiencing significant increases in the frequency of security breaches.


Every 40 seconds, a business falls victim to ransomware. Estimates show that around 70% of companies were victimized by ransomware in 2022. The year is not over yet, and these numbers are suspected to be even higher due to undetected dormant ransomware programs and organizations not reporting incidents to avoid negative publicity.


Key elements of the CISA strategic plan:

  • Improve Risk Assessment: Create a regulatory path to support the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) – which requires many organizations in the critical sector to automatically report cybersecurity incidents and ransomware payments within 72 and 24 hours, respectively. Enforcement procedures are not yet clarified.
  • Improve cooperation between private and government sectors in defining CIRCIA protocols. CIRCIA recently issued a Request for Information (RFI) to collect feedback from owners and operators.
  • The public has two ways of getting involved in the rulemaking process. They can share written comments in response to the RFI (provided before November 18th, 2022) or participate in one of the listening sessions hosted by the CISA across the country through November 16th and deliver in-person feedback.
  • The RFI includes but is not limited to the following:
    • How organizations are defined as a “covered entity” and required to report incidents
    • Submission procedures for sharing incident information
    • Meaning of “covered cyber incident.”
    • Meaning of “substantial cyber incident.”
    • What defines “reasonable belief.”
    • What federal departments/entities receive cyber incident and ransom payment reports


You can review the RFI here:


These developments have significant impacts on cyber security and cyber insurance. Please share your questions and concerns with us.