The Cybersecurity Act 2024 establishes the mandatory obligation for CNII entities to report security incidents. Immediate reporting is essential to maintain national cyber resilience and enable coordinated response efforts.
What is your organization’s validated reporting process?
01
Immediate Assessment
Determine if the event meets the criteria for a significant incident as defined by the Act. Act swiftly to contain the impact.
02
Mandatory Disclosure
You must notify the NCU within the legislated reporting window following discovery. Delayed reporting severely impedes threat intelligence sharing.
03
Information Provision
Provide specific data including the time of discovery, the nature of the systems affected, and the estimated impact assessment. Use the formal Incident Reporting Form.
04
Post-Incident Review:
You are required to conduct a thorough forensic investigation and cooperate fully with the NCU during the subsequent analysis and resolution phase.
05
Failure to Comply
Non-compliance with mandatory reporting timelines and procedures constitutes a breach of the Act and will incur regulatory consequences.