One issue that has been frequently raised in private sector responses to the RFI is the importance of regulatory harmonization of cyber incident reporting timelines issued at different levels of government and by international organizations.