IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New Jersey Gov Signs 72-Hour Cyber Incident Reporting Law

The new law requires public schools, local and state government and government contractors to report cyber incidents within 72 hours. The state hopes this will give it better insights and enable faster response and mitigations.

New Jersey Gov. Phil Murphy.
New Jersey’s state and local government agencies, public education institutions and government contractors must report cyber incidents within 72 hours, thanks to a newly signed law. The new rule covers public K-12 schools, public higher ed, state law enforcement, counties, municipalities and others.

Incident reporting goes to the New Jersey Office of Homeland Security and Preparedness (NJOHSP), which will be crafting and publishing guidelines to support “the timely and confidential submission of incident notifications,” per an NJOHSP press release.

The reporting requirement “will take effect immediately,” per the release.

The law aims to help NJOHSP’s cybersecurity division — the New Jersey Cybersecurity and Communications Integration Cell — be better informed about trends and more quickly and effectively respond to and defend against incidents.

“By intaking cybersecurity incident reports, the NJCCIC can provide assistance to the affected public agencies to help them respond to and recover from an attack,” said NJCCIC Director Michael Geraghty in a statement. “It also allows the NJCCIC to help prevent further compromises of public agencies by sharing the techniques, tactics and protocols the attackers used and the best practices to thwart them.”

Last year, NJCCIC received 375 confirmed cyber incident reports. That fails to capture the full scope.

“In New Jersey alone, thousands of cybercrime cases occur each week, with our schools, hospitals and police departments among the entities most affected,” said Sen. Fred Madden, one of the bill’s sponsors, in a statement.

Entities can report cyber incidents at or by calling 833-4-NJCCIC.

Organizations can also receive cybersecurity-related updates and alerts from NJCCIC by signing up for membership at