๐Ÿ‡บ๐Ÿ‡ธ US 30-yr mortgage rate: 6.55% โ€” Bankrate, June 10๐Ÿ‡ฏ๐Ÿ‡ต BOJ June rate hike: 80% market probability โ€” CNBC๐Ÿ‡ฎ๐Ÿ‡ณ India opens insurance to 100% FDI under automatic route๐Ÿ‡บ๐Ÿ‡ธ Fed holds rates at 3.50โ€“3.75% โ€” third consecutive hold๐ŸŒ Global cyber insurance market: $33.4B projected for 2026๐Ÿ‡ฌ๐Ÿ‡ง FCA: Insurance premium finance APRs down 4.1% since 2022๐Ÿ‡ฐ๐Ÿ‡ท DB Insurance completes $1.65B Fortegra acquisition๐Ÿ‡บ๐Ÿ‡ธ Medicaid cuts: CBO estimates 11.8M to lose coverage๐Ÿ‡ฆ๐Ÿ‡บ APRA CPS 230 amendments effective July 1, 2026๐Ÿ‡ฉ๐Ÿ‡ช BaFin launches dedicated cyber insurance reporting class๐Ÿ‡บ๐Ÿ‡ธ US 30-yr mortgage rate: 6.55% โ€” Bankrate, June 10๐Ÿ‡ฏ๐Ÿ‡ต BOJ June rate hike: 80% market probability โ€” CNBC๐Ÿ‡ฎ๐Ÿ‡ณ India opens insurance to 100% FDI under automatic route๐Ÿ‡บ๐Ÿ‡ธ Fed holds rates at 3.50โ€“3.75% โ€” third consecutive hold๐ŸŒ Global cyber insurance market: $33.4B projected for 2026๐Ÿ‡ฌ๐Ÿ‡ง FCA: Insurance premium finance APRs down 4.1% since 2022๐Ÿ‡ฐ๐Ÿ‡ท DB Insurance completes $1.65B Fortegra acquisition๐Ÿ‡บ๐Ÿ‡ธ Medicaid cuts: CBO estimates 11.8M to lose coverage๐Ÿ‡ฆ๐Ÿ‡บ APRA CPS 230 amendments effective July 1, 2026๐Ÿ‡ฉ๐Ÿ‡ช BaFin launches dedicated cyber insurance reporting class
Cybersecurity incident reporting and digital risk regulation - illustrative image
Regulation๐Ÿ‡บ๐Ÿ‡ธUnited States

US Cyber Incident Reporting Law (CIRCIA) Takes Effect, Requiring 72-Hour Breach Notifications

Editorial Deskยทยท5 min read
Verified Story

The US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) took effect in May 2026, requiring covered critical infrastructure entities to report significant cyber incidents within 72 hours and ransomware payments within 24 hours. The mandate is accelerating demand for cyber insurance and reshaping how businesses, insurers, and regulators respond to a threat landscape where AI is intensifying both attack sophistication and underwriting complexity.

A landmark shift in US cybersecurity policy is now reshaping how businesses and insurers manage digital risk. The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) took effect in May 2026, establishing mandatory reporting requirements for entities operating in critical infrastructure sectors. Under the law, covered entities must report significant cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours, and ransomware payments within 24 hours. The regulation represents one of the most significant federal cybersecurity mandates in US history.

The reporting requirement is accelerating an already fast-growing cyber insurance market. Regulatory mandates like CIRCIA โ€” alongside the EU's Digital Operational Resilience Act (DORA) for financial services and a wave of state-level cybersecurity legislation โ€” are compelling organizations to purchase cyber coverage as part of their compliance programs. The World Economic Forum's 2026 Global Cybersecurity Outlook found that only about 19% of organizations rate their cyber resilience above regulatory expectations, while 17% acknowledge falling below minimum standards โ€” a protection gap that directly translates into insurance demand.

The broader cyber insurance market is expanding rapidly. Munich Re estimates global cyber insurance premiums reached approximately $15 billion in 2025 and projects growth exceeding 10% annually through 2030, potentially reaching $28 billion. The reinsurer identifies ransomware, data breaches, business email compromise, and distributed denial-of-service attacks as the primary drivers of insured cyber losses. Despite this growth, softening market conditions and intense competition are expected to push average premiums lower in 2026, making coverage more affordable even as demand rises.

Artificial intelligence is fundamentally reshaping the cyber landscape on both sides. Threat actors are deploying AI-powered tools for more effective ransomware campaigns and increasingly sophisticated deepfake-enabled fraud, while insurers use AI and machine learning to build more granular, dynamic underwriting models and detect fraudulent patterns. Carriers are also tightening policy language around contingent business interruption coverage and non-breach privacy claims, and at least one insurer has introduced a standalone AI policy. For businesses navigating this environment, the combination of new regulatory obligations and evolving threats makes robust cyber risk management and adequate insurance coverage a strategic necessity rather than an optional safeguard.

Key Points

  • 1CIRCIA took effect in May 2026, requiring covered critical infrastructure entities to report cyber incidents within 72 hours
  • 2Ransomware payments must be reported within 24 hours under the new law
  • 3Only about 19% of organizations rate their cyber resilience above regulatory expectations (WEF 2026)
  • 4The global cyber insurance market reached roughly $15 billion in premiums in 2025 (Munich Re)
  • 5AI is increasing both attack sophistication and insurer underwriting precision

Why This Matters

CIRCIA's 72-hour reporting mandate fundamentally changes how US critical infrastructure operators must respond to cyberattacks, with significant compliance implications for utilities, financial firms, healthcare providers, and more. For the insurance industry, mandatory reporting drives demand for cyber coverage while also improving the data available for underwriting. For businesses of all sizes, the combination of new legal obligations and AI-intensified threats makes cyber insurance and resilience planning essential.

#cyber insurance#CIRCIA#regulation#cybersecurity#ransomware#critical infrastructure
Verified ยท Jul 1, 2026Read Original
Disclaimer: This article is for informational purposes only and does not constitute financial, investment, legal, or insurance advice. Always consult a qualified professional before making financial decisions. PolicyGlobal reports on publicly available information from third-party sources and cannot guarantee the accuracy or completeness of such information.

Related Stories

Daily Intelligence

The PolicyGlobal Daily Brief

Get the top 5 insurance and finance stories every morning, curated and verified by our editorial desk. No spam. Unsubscribe anytime.

Informational newsletter only. Not financial advice. Disclaimer