The law requires a primary contact for each governmental organization. Organizations can provide multiple contacts as long as they are authorized to report incidents and receive any information resulting from incident reporting.
Report a cybersecurity incident here: https://soi.formstack.com/forms/incident_reporting_form