The hours and days immediately following a cyber incident, especially a ransomware attack, are particularly challenging. Not only is a company struggling to assess damage and get back online, but it might have only a very short time to notify multiple regulators. This article distills insights offered during a recent Reed Smith program that addressed the ever-evolving data breach and cyber incident reporting landscape and examined the challenges a company faces, and the potential solutions, in the immediate aftermath of an attack, using a hypothetical ransomware attack on a multinational company as a jumping-off point. See “Comparing U.S. and E.U. Approaches to Incident Response and Breach Notification” (Nov. 4, 2020).