Khaberni - Cybersecurity incidents vary in terms of severity, with each incident having a specific description and response time, according to the recently published 2025 cybersecurity incident reporting and response policy on the website of the National Cybersecurity Center.
The reporting policy was issued by decree number (20) of the National Cybersecurity Council in May 2025.
A cybersecurity incident is defined as: "An act or attack that poses a risk to data, information, information systems, the information network, or related infrastructure, requiring a response to stop or mitigate its consequences," according to the reporting policy.
Incidents are classified by their degree of severity into:
- High severity incident: Directly affects vital operations or leads to a complete halt of government services, or includes the leakage of sensitive data.
- Serious incident: Affects sensitive systems without complete cessation, or represents a failed penetration attempt that was detected.
- Moderate severity incident: Includes suspicious activities such as phishing emails or the detection of malware before activation.
- Low severity incident: Does not directly affect systems, such as repeated unsuccessful login attempts.
The center in the policy emphasized the necessity for coordination and cooperation in incidents classified as "high severity" and "serious," as these incidents require a high level of coordination between relevant parties, with an emphasis on the importance of continuous communication with the center through sectoral response teams at all stages of the incident.
