Reporting to CBB
OM-5.5.57
Upon occurrence or detection of any cyber security incident, whether internal or external, that compromises customer information or disrupts critical services that affect operations,
conventional bank licensees must contact the CBB immediately (within one hour) on 17547477 and submit Section A of the Cyber Security Incident Report (Appendix OM-1) to CBB’s cyber incident reporting email, incident.retail@cbb.gov.bh (for retail banks) or incident.wholesale@cbb.gov.bh (for wholesale banks), within two hours.
Amended: April 2022
Added: July 2021
OM-5.5.58
Following the submission referred to in Paragraph OM-5.5.57, the
licensee must submit to CBB Section B of the Cyber Security Incident Report (Appendix OM-1) within 10 calendar days of the occurrence of the cyber security incident. Licensees must include all relevant details in the report, including the full root cause analysis of the cyber security incident, its impact on the business operations and customers, and all measures taken by the licensee to stop the attack, mitigate its impact and to ensure that similar events do not recur. In addition, a weekly progress update must be submitted to CBB until the incident is fully resolved.
Amended: April 2022
Added: July 2021
OM-5.5.59
With regards to the submission requirement mentioned in Paragraph OM-5.5.58, the licensee should submit the report with as much information as possible even if all the details have not been obtained yet.
Added: July 2021
OM-5.5.60
The comprehensive cyber security incident report referred to in Paragraph OM-5.5.58 should include the following details:
(a) Date and time of discovery of the incident;
(b) Time elapsed from detection to restoration of critical services;
(c) Who discovered the incident (e.g. third-party service provider, customer, employee);
(d) Type of cyber incident (e.g. DDoS, malware, intrusion/unauthorised access, hardware/firmware failure, system software bugs);
(e) Impact of the incident (e.g. impact to availability of services, loss of confidential information) including financial, legal and reputational impact and to which group of stakeholders (e.g. retail and corporate customers, settlement institutions, service providers);
(f) Affected systems and technical details of the incident (e.g. source IP address and port, IOCs, tactics, techniques, procedures (TTPs));
(g) Root cause analysis; and
(h) Actions taken:
• Escalation steps taken;
• Stakeholders informed;
• Response and recovery activities;
• Lessons learnt.
Added: July 2021
OM-5.5.61
The penetration testing report as per Paragraph OM-5.5.28, along with the steps taken to mitigate the risks must be maintained by the
licensee for a five-year period from the date of the report and must be provided to CBB within two months following the end of the month in which the testing took place, i.e. for a June test the report must be submitted at the latest by 31st August, and for a December test by 28th February.
Amended: April 2022
Added: July 2021