Security incidents do happen, and we need to react to, and learn from them. This learning is enhanced when adequate details of incidents are captured and further analysed, as analysis of information security incidents often provides business stakeholders with an additional perspective on risk levels, making it highly valuable. Usual measures of interest are general statistics on severe incidents such as the number, business impact and source; benchmarking with industry peers; and elements associated with the effectiveness of the incident management process, such as average incident detection/response time.
However, Cyber security incidents affecting private and public organisations can be costly, impacting confidentiality, integrity and availability of critical information, loss of productivity, reputational damage and ultimately lead to financial losses. Hence, in a bid to manage such impact, there is a natural tendency of persons and organisations to refrain from reporting these incidents and withholding details which can be critical to economic wellbeing of the nation and national security.
The CyberSec iReport Portal provides a means of anonymously reporting computer security incidents. It offers anonymous reporting with key details such as nature/type of incident, sector or type of organisation affected and extent of losses incurred. It also provides an anonymised statistics on reported incidents, available on request. This ultimately provides intelligence to organisations and nations at large in order to remain informed of trends in cyber incidents and to also enhance their capacity for resilience as well as their detective, protective and response mechanisms.