ICBA continues working with Congress to advance an extension of a law that strengthens public-private cybersecurity coordination before the law expires next week.
Cybersecurity coordination law to lapse next week if Congress doesn t act
September 25, 2025 / By ICBA
ICBA continues working with Congress to advance an extension of a law that strengthens public-private cybersecurity coordination before the law expires next week.
ICBA continues working with Congress to advance an extension of a law that strengthens public-private cybersecurity coordination before the law expires next week.
State of Play: The Cybersecurity Information Sharing Act of 2015, which helps ensure community banks have timely access to actionable cyber threat information, is slated to expire this Tuesday, Sept. 30, unless Congress passes an extension.
Liability Protections: The CISA law provides liability protections for all community banks that share threat intelligence with other banks, businesses, and the U.S. government. While FS-ISAC is working on a contingency plan, voluntary threat information sharing is expected to decline by 80-90% if the law lapses.
What it Means for Community Bankers: The lapse in liability protections increases the risk of legal action against banks that share threat intelligence. Without liability protections, each bank needs to assess its risk appetite for continuing voluntary threat information sharing with government and other institutions.
Background on CISA: The bipartisan CISA legislation—enacted after an Office of Personnel Management breach in 2015—provides private-sector entities with information and liability protections for sharing cyber threats. It also includes an antitrust exemption that provides similar protections for sharing between private companies.
Ongoing ICBA Advocacy: In a recent letter to congressional leaders, ICBA and the other groups said that the current cyber threat landscape highlights the need for consistent public-private collaboration and that without the protections codified by CISA, businesses may be less willing to share cyber threat information for fear of legal exposure. The groups previously urged Congress to reauthorize CISA, warning that failure to act could eliminate a valuable tool used to protect U.S. critical infrastructure sectors.
ICBA Resources: Cyber and data security resources for community bankers are available on the ICBA website.
Subscribe now
Sign up for the Independent Banker newsletter to receive twice-monthly emails about new issues and must-read content you might have missed.
Sponsored Content
Featured Webinars
Join ICBA Community
Interested in discussing this and other topics? Network with and learn from your peers with the app designed for community bankers.
Subscribe Today
Sign up for Independent Banker eNews to receive twice-monthly emails that alert you when a new issue drops and highlight must-read content you might have missed.
News Watch Today
Join the Conversation with ICBA Community
ICBA Community is an online platform led by community bankers to foster connections, collaborations, and discussions on industry news, best practices, and regulations, while promoting networking, mentorship, and member feedback to guide future initiatives.
Join the Community Example Text
