Data Incoming: How to Close the Cyber Data Gap
From War On The Rocks:
Current Cyber Data Landscape
The most significant source of incident-reporting data that the federal government can use to fill the cyber data gap is the information that companies will submit under the Cyber Incident Reporting for Critical Infrastructure Act, which was passed into law in March. The details of what companies and incidents the law covers are still being worked out, but the law will probably be the most comprehensive cyber-incident reporting scheme the country has.
However, it could take two or more years until the law goes into effect. Until then, the federal government should use the incident reports submitted under other federal and state requirements to generate useful statistics. At the federal level, there are over 20 regulations and laws requiring incident reporting.