Recently signed legislation will require state agencies and government contractors to report cybersecurity incidents within 72 hours of an incident.