LegisTrack
HR 807 | 119th Congress | In Committee

Public and Private Sector Ransomware Response Coordination Act of 2025

Introduced: Jan 28, 2025
Standard Summary

The Public and Private Sector Ransomware Response Coordination Act of 2025 directs the Secretary of the Treasury to study and report on how the public sector and private sector coordinate in responding to ransomware attacks on financial institutions, as well as how they prevent such attacks. The bill requires a comprehensive, unclassified report (with a possible classified annex) to Congress within one year, followed by a briefing within 15 months. The report covers current coordination, inter-agency cooperation, access to and usefulness of incident information reported by financial institutions, reporting requirements, potential need for new legislation, and recommended policy steps to strengthen public-private partnerships and speed up incident response. It also examines why financial institutions may delay or withhold information and gathers feedback from entities that provide cybersecurity and ransomware response services.

Key Points

  1. The act requires the Secretary of the Treasury to deliver a comprehensive report to Congress within one year of enactment, detailing coordination between the public and private sectors and within government agencies in responding to and preventing ransomware attacks on financial institutions.
  2. The report must assess inter-agency coordination, timely access to incident-related information reported by financial institutions (as defined by 31 U.S.C. 5312(a)), and how useful that information is for prevention, investigation, or prosecution.
  3. It analyzes reporting requirements for financial institutions that experience ransomware attacks, including whether any changes are needed to improve information utility and speed in enforcement actions.
  4. It evaluates whether additional legislation is needed to enhance information sharing, timeliness, and overall coordination, and it proposes policy initiatives to bolster public-private partnerships and reduce incident response times.
  5. It seeks to understand why financial institutions may withhold or delay reporting to authorities and collects feedback from cybersecurity and ransomware response entities that service financial institutions.
  6. The report will be submitted in unclassified form (with the possible inclusion of a classified annex) and the Treasury Secretary must brief the relevant congressional committees within 15 months on the findings.

Impact Areas

Primary: Financial institutions (as defined for banking/financial regulation purposes) and the federal agencies involved in cyber threat response and financial sector oversight.

Secondary: Public- and private-sector cybersecurity incident responders, managed security service providers, and advisory firms that assist financial institutions with incident response, regulatory compliance, and risk management.

Additional: Congress (through the specified committees), Treasury, and intelligence committees, as well as the broader objective of improving public-private coordination to prevent and respond to ransomware affecting the financial system.

Generated by gpt-5-nano on Nov 19, 2025