3. Not later than one year after the date on which the cyber incident reporting system is established and at least once each year thereafter, the Director of the New Jersey Office of Homeland Security and Preparedness shall submit an annual report on its activities to the Governor, and to the Legislature, pursuant to section 2 of P.L.1991, c.164 (C. 52:14-19.1). The report shall include, at a minimum:

a. information on the number of notifications received and a description of the cybersecurity incident types and associated mitigating measures taken during the one-year period preceding the publication of the report;

b. the categories of public agencies and government contractors that submitted cybersecurity notifications; and

c. any other information required in the submission of a cybersecurity incident notification, noting any changes from the report published in the previous year.

L.2023, c.19, s.3.