Not later than 180 days after December 20, 2019, and not less frequently than once each year thereafter, the Comptroller General of the United States shall submit to the congressional intelligence committees a report on cybersecurity and surveillance threats to Congress.

Each report submitted under subsection (a) shall include statistics on cyber attacks and other incidents of espionage or surveillance targeted against Senators or the immediate families or staff of the Senators, and Representatives, Delegates, and the Resident Commissioner, or the immediate families or staff of the Representatives, Delegates, and the Resident Commissioner, in which the nonpublic communications and other private information of such targeted individuals were lost, stolen, or otherwise subject to unauthorized access.

In preparing a report to be submitted under subsection (a), the Comptroller General shall consult with the Director of National Intelligence, the Secretary of Homeland Security, the Sergeant at Arms of the House of Representatives, and the Sergeant at Arms and Doorkeeper of the Senate.

The report under subsection (a), including the contents of the report in subsection (b), shall be submitted in unclassified form, but may include a classified annex to protect sources and methods and any appropriate redactions of personally identifiable information.