As part of Employer Advantage’s comprehensive suite of HR management and outsourcing services (HR, Payroll, Health & Benefits, Safety, and more), we take on the burden of our clients’ employee administration and compliance responsibilities. Please contact us if you would like assistance: | 877.476.9520

Russia’s invasion of Ukraine has been accompanied by an increased risk of cyberattacks on infrastructure and critical industries in the United States, as well as globally. These latest threats have triggered the U.S. government to enact new requirements for employers to assist in safeguarding the nation’s cybersecurity.

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 requires mandatory reporting of cybercrimes by businesses involved in the critical infrastructure sector. These include chemical, commercial facilities, communications, critical manufacturing, emergency services, energy, food and agriculture, healthcare and public health, and information technology entities.


Businesses must report to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA):

  1. A covered cyber incident no later than 72 hours after the covered entity reasonably believes the incident occurred.
  2. Any ransom payment for a ransomware attack within 24 hours of making the payment because of a ransomware attack, even if the ransomware attack is not a covered cyber incident.

(Reportable incidents under the act include: (a) a substantial loss of confidentiality, integrity, or availability of a system or network; (b) a serious impact on operational systems and processes; or (c) a disruption of business or industrial operations.)


A report of a covered cyber incident under the Act must include:

  1. A description of the affected information systems, networks, or devices.
  2. A description of the unauthorized access.
  3. The estimated date range of the incident.
  4. The impact to the operations of the covered entity.
  5. A description of the vulnerabilities exploited and the security defenses that were in place.
  6. Information related to each actor reasonably believed to be responsible for the cyber incident, the category or categories of information that were, or are reasonably believed to have been, accessed or acquired, and the name of the entity and its contact information.


The requirements in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 will not be enacted until the final rules are effective and published. This could take several months. However, there are critical things employers should do now to prepare and protect their business from any threat of cyberattacks:

  1. Implement a comprehensive cybersecurity risk management process within your organization.
  2. If your business already has a competent cybersecurity process in place, review your policy to ensure it will stand up to the demands of the new criteria and obligations outlined in the act.
  3. Ensure your company is aware of all upcoming government deadlines and reporting requirements.
  4. Communicate and train all employees on your organization’s plans to comply with the new act. This will not only keep you in compliance on the act requirements but will help protect your business from a cyberattack.


Not currently an Employer Advantage client?


We don’t just give quotes—We provide strategic business proposals.

-Free strategic assessment of your business needs

-Quick and easy account setup and seamless transitions

-Urgent requests | Please Call: Toll Free 877.476.9520

Click here to see our other helpful “Blog for All Employers”

A New Path to HR Bliss – Trusted for more than 30 years, Employer Advantage frees you from the administrative and compliance burdens of having employees so you can focus on your business success. Versatile enough for companies of all sizes, our unique service combines comprehensive management of your employee administration and compliance with the latest software solutions, tailored to meet your individual needs and company culture. Our full-service management of Human Resourcespayrollhealth and benefits, workplace safety, and more enhance your profitability while reducing the costs and risks associated with employment law compliance. We provide your employees with top-notch assistance and benefits that help you increase productivity, save time and money, and attract and retain a talented workforce. And for small and mid-sized businesses, we bring you economy of scale with access to Fortune-500-level benefits, specialty assistance, and savings that would not be possible to attain on your own. Headquartered in the Midwest and serving more than 500 companies and 10,000 worksite employees throughout the country, Employer Advantage is an IRS-Certified Professional Employer Organization (PEO) (CPEO). Experienced, certified, and trusted.