A Bill to require a company that meets specified criteria to report any cyber extortion or ransomware attack on the company to the Government within a specified time after the attack; to make provision about the content of such reports, including a requirement to provide information about any payments made; and for connected purposes.