Central government logo, link to homepage
National Cyber Security CentreMinistry of Justice and Security

Report an incident to NCSC-NL

With this form you can voluntary report a serious digital security NIS2 incident or an obliged Wbni incident report to the Dutch National Cyber Security Center (NCSC-NL).

While the Cyberbeveiligingswet (the Dutch implementation of the European NIS2-directive) has not yet been implemented, the Wbni still is in effect. Organisations in the vital sectors, digital service providers and organizations in the central government are obliged to report serious digital security incidents to the NCSC.

When the Cyberbeveiligingswet (NIS2) applies to your organisation later this year, you will have to report significant incidents. For now all organisations can submit a voluntary report for a cyberincident using the form below or their MyNCSC-account.

Need assistance?

24-hour assistance is available for (urgent) contact and direct support.

Form

Report an incident

1. Company name

Company name (required)
Chamber of Commerce number (required)
Street and housenumber (required)
Enter the name of the street and house nunmber where the organisation’s headquarters is located.
Zip code (required)
City (required)
Sector (required)
Does the organisation also fall under another sector? (required)

2. Who notifies this incident?

First name (required)
Surname (required)
Job title (required)
Email address (required)
Telephone number (required)
Availability
Please provide us with the days and times you as the notifier are available by phone.
Is the notifier also the contact person regarding the incident? (required)

3. About the incident report

Is this notification voluntary? Does it concern a significant incident? (required)
A significant incident exists if the incident:causes or may cause a serious operational disruption of services or financial losses for the entity concerned;has affected or may affect other natural or legal persons by causing substantial material or immaterial damage. 
What is the status of the incident?
The status of the incident gives an indication of the phase the incident is in.
Does the incident have a cross-border impact that also affects other EU countries? (required)
For significant incidents with a cross-border impact, the national CSIRT informs other EU member states.

4. Incident details

Date and time of discovering the incident (required)
Type of incident (required)
Description of the incident (required)
Give a description of the incident that is as detailed as possible based on the information currently available. Provide as much context as possible. Indicators of compromise may also be included in this field.
0 characters
Visible and expected impact of the incident
Describe the visible and expected impact of the incident. This could include: whether critical processes have been affected and if so, which ones; the incident’s impact on the organisation and the potential or expected impact on customers; whether there is a visible or expected impact that has national security implications or entails a risk of loss of human life or disruption of public order.
0 characters
What is the cause of the incident and what measures have been taken to prevent a repeat of the incident in the future?
Where possible, provide information about the cause of the incident, such as human error, a software vulnerability, etc. In addition, state what measures have been taken to prevent a repeat incident. It is possible to attach reports at the end of this form.
0 characters
Have customers been informed / will they be informed?
What is the estimated recovery time?
If available, give the expected recovery time in days and hours.
What is the organisation itself doing and is help needed?
Is help from the CSIRT needed? If so, please also contact your sectoral CSIRT by phone. State here what help is needed, and what the organisation itself is already doing, including engaging a third party to provide support.
0 characters
Attachment(s)
This is where to upload any reports, such as investigation results, information about the cause of the incident, or an overview of the measures taken to prevent a repeat incident.
Maximum 5 files allowed, with a limit of 10 MB. Allowed types: doc, docx, xls, xlsx, ppt, pptx, pps, ppsx, txt, pdf.
Has the incident been reported to the police?
It is advised to always report an incident to the police if it was caused intentionally.
Any additional comments?
0 characters

5. Information about the processing of your personal data

We use your data to handle the incident notification that you submitted. The information will be shared only with the National Cyber Security Centre (NCSC-NL) and, where applicable, the relevant CSIRT

State of agreement (required)

Het Nationaal Cyber Security Centrum (NCSC)

Veilig vooruit in een digitaal weerbaar Nederland.