Public and private companies would be required to report ransomware attacks within a day in a bill introduced Wednesday, according to Bloomberg. Senate Intelligence Chair Mark Warner of Virginia, Sen. Marco Rubio of Florida and Sen. Susan Collins of Maine proposed the legislation.
The bill would be a first to require both public and private companies to report cybersecurity breaches. If companies report a breach, they'd be given some liability coverage and data protections. If companies don't report within 24 hours, lawmakers would be able to determine a civil penalty of up to 0.5% of the company's gross revenue from the previous year.
The legislation follows major ransomware attacks in recent months, including a Colonial Pipeline hack in May and a breach on Kaseya software earlier this month.