Licensees must report to the CBB any instances of cyber-attacks immediately, whether internal or external, that compromise customer information or disrupt critical services that affect their operations. In addition, licensees must provide the root cause analysis of the cyber-attack and measures taken by them to ensure that similar events do not recur, within 5 working days. Any significant attack or breach to the system regardless of whether it caused loss or damage, must be reported to the CBB.