A licensee, following submission of the preliminary report on detection of a cyber security incident referred to in Paragraph CRA-5.8.19, must submit to the CBB a comprehensive report within 5 working days of the occurrence of the cyber security incident. The comprehensive report must include all relevant details including the root cause analysis of the cyber security incident and measures taken by the licensee to ensure that similar events do not recur.