Licensees must report to the CBB and Ministry of Interior's General Directorate of Anti-Corruption and Economic and Electronic Security any instances of cyber-attacks immediately, whether internal or external, that compromise customer information or disrupt critical services that affect their operations. When reporting such instances, licensees must provide the root cause analysis of the cyber-attack and measures taken by them to ensure that similar events do not recur. Any significant attack or breach to the system regardless of whether it caused loss or damage, must be reported to the CBB.