Examples of when a cyberattack must be reported include when it threatens the functioning of critical infrastructure, has resulted in the manipulation or leakage of information, or involves blackmail, threats or coercion. Critical infrastructure operators who fail to report a cyberattack may be fined.
Types of attacks include:
- malware successfully installed on a system
- encryption trojans
- availability attacks
- gaining unauthorised access to computer systems through the exploitation of security holes.
Last modification 21.05.2026
