Passed as part of the omnibus spending bill on March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) will require critical infrastructure companies –which could include financial services companies, energy companies and other key businesses for which a disruption would impact economic security or public health and safety – to report any substantial cybersecurity incidents or ransom payments to the federal government within 72 and 24 hours, respectively. We discuss insights shared by experts during a recent program hosted by Strafford CLE Webinars on the new obligations under CIRCIA, the best practices to mitigate risks if noncompliant, and what the likely outcome of regulation of this Act will be. See “Lessons From CISA for In-House Counsel on Mitigating and Managing MSP Breach Threats” (Jun. 29, 2022).