In March 2022, U.S. President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Among the changes introduced, the law enacts a requirement for data breach reporting within 72 hours of the event. This, of course, has a major impact on the role of CISOs, and how they should handle…