In September 2025, a decree came into force that fundamentally changes the way organisations in Slovakia approach reporting cyber incidents. Correct reporting can be a challenge.
The decree of the National Security Office of the Slovak Republic follows the amendment to the Cyber Security Act. For the purposes of practice, it specifies exactly what is considered a serious incident and what are the obligations of operators of essential services when reporting it.
Identification criteria for an incident
In assessing its seriousness, key identification criteria are set out. These include, for example, a complete loss of service beyond a specified time, a threat to the confidentiality, integrity or availability of data, or incidents affecting more than 25 thousand people.
Any entity covered by the Cybersecurity Act must submit a report through the Unified Cybersecurity Information System if the incident criteria are met. However, the report itself is not a free text message and the decree specifies exactly what parameters it must contain.
In the report, organisations must include basic data such as the time of detection and a description of the incident, as well as subsequent additions, i.e. the time course, actions taken and the current status of the resolution. The decree also introduces clear rules to ensure consistent and rapid communication with the NSA. In practice, this means that organisations must be able to not only detect incidents in a timely manner, but also to document and report them effectively.
Correct reporting
However, the challenge for correct incident reporting becomes the actual process of getting all the necessary inputs. Tech-savvy administrators can collect the required data from multiple sources sequentially using logs, but it is a lengthy and complicated process.
The good news is that technology can significantly help IT administrators with reporting. ESET’s Enhanced Detection and Response (XDR) solution enables advanced real-time threat detection through data correlation. In this case, data is collected from a variety of sources ranging from endpoint devices to cloud services.
Automation is essential
Part of the XDR solution is the Incident Creator tool, which automatically converts the collected data into clear information about the incident.
Incident Creator reports all the necessary details from technical data to a description of the actions taken. This data can then be used by administrators to report correctly to the Unified Cybersecurity Information System.
If organisations do not have the in-house capability to assess the severity of incidents, ESET’s Managed Detection and Response contracted services are assisted by the ESET team. Experts not only process the severity and impact analysis, but also propose actions.
