Congress is now taking steps to beef-up cyber security regulations at the federal level. The Senate introduced a bill titled the “Cyber Incident Reporting Act of 2021,” which requires covered entities—meaning an entity that owns or operates critical infrastructure—to promptly report cyber security breaches to a Cyber Incident Review Office, which then receives, aggregates, and analyzes the incident. The proposed legislation also mandates that covered entities, and business with more than fifty employees, report ransomware payments no later than twenty-four hours after the payment has been made. While the final iteration of the bill has yet to take shape, it is a safe bet that some cyber security legislation will become law in the near future. Given the pervasiveness of cyberattacks, it is important that businesses keep current on these regulatory developments. Stay tuned.