This appendix is part of the requirement specified under CRA-5.9.19 (cyber security)


1. Licensees are required to report cyber security incident or breach to the CBB on the day of the occurrence of the cyber security incident or breach.
2. Licensees are required to complete and submit the form below via email to the CBB.

Cyber Security Incident Report

1. Contact Information
Details of the responsible person
(a) Full Name  
(b) Designation  
(c) Office phone no.  
(d) Mobile no.  
(e) Email address  
Alternate Contact Person
(a) Full Name  
(b) Designation  
(c) Office phone no.  
(d) Mobile no.  
(e) Email address  
Licensee Details
(a) Licensee name  
(b) Licensee address  
(c) Type of licensee  
(d) Contact no.  
(e) Email address  
2. Cyber Incident or breach Details
(a) Date and time of incident or breach  
(b) Details of cyber incident or breach
(i) Method of the cyber attack
(ii) Duration of the cyber attack
3. Impact of systems, assets or information
(a) Affected hardware  
(b) Affected software  
(c) Affected operating system  
(d) Impact to stakeholders  
(e) Geographical location and IP address of attacker  
4. Resolution of cyber incident or breach
(a) What are the immediate remedial actions taken to minimise and mitigate risks from the cyber attack?  
(b) What is the current status or resolution of this incident or breach?
Amended: January 2020
Added: April 2019