The U.S. Cyber Incident Reporting for Critical Infrastructure Act of 2022 mandates that organizations in 16 critical infrastructure sectors report significant cyber-incidents to CISA within 72 hours and that they report ransomware payments within 24 hours.
What is Canada doing? What comparable legislation or regulations does Canada have in place for mandatory cyber-incident reporting across critical infrastructure sectors? What are the specific reporting timelines and requirements for organizations?