Licensees must report to the CBB within one week, any instances of cyber attacks, whether internal or external, that compromise customer information or disrupt critical services that affect their operations. When reporting such instances, the licensee must provide the root cause analysis of the cyber attack and measures taken by them to ensure that similar events do not recur.