The effects of an IT security incident have a serious impact on the functionality of the affected company and – in the case of a supply chain attack – also critical effects on its customers and/or subcontractors. If companies in critical infrastructures (CRITIS) are affected, their failure or impairment can, in the worst case, lead to lasting supply bottlenecks, disruptions to public safety or other significant consequences.
Is your company affected by an IT security incident? Then immediate action is necessary, which includes not only technical and organisational tasks – it also includes, among other things, complying with and communicating reporting obligations.
But how exactly is your reporting obligation defined?
Basically, the reporting obligation is based on three important questions:
- What must be reported?
- When must a malfunction be reported?
- Who must report a malfunction?
Our cyber defence consultants have the answers in their article: Reporting obligations in the event of an IT security incident at a glance!