Under the proposed amendment to the Cybersecurity (Amendment) Bill, Critical Information Infrastructure (CII) owners remain responsible for the cybersecurity and resilience of the CII and they are now required to report more types of cyber incidents, including those targeting their supply chains and peripheral systems