Join Our Mailing List

Be the first to hear about updates

Be the first to hear about updates on the Cyber Security and Resilience Bill. Stay informed about compliance requirements, key changes, and important announcements.

New regulatory obligation

"Near miss" reporting: the hidden expansion of scope

The Cyber Security and Resilience Bill moves beyond "impact-only" reporting. Organisations must now identify and report incidents capable of having a significant impact - fundamentally changing your compliance posture.

Assess your reporting readinessTalk to our team
Definition

What classifies as a "near miss"?

Unlike previous regulations (like NIS 2018) that focused largely on actual service disruption, the Bill introduces a preventative standard. A "near miss" is an occurrence that could have caused a significant impact if it hadn't been prevented or mitigated.

Detecting unauthorised access that didn't steal data, or a DDoS attack mitigated before service went offline, may now be reportable. This demands superior detection - you cannot report what you do not see.

The new threshold

Incident vs. near miss

Comparison of reporting triggers under the 2018 Regulations vs. the 2025 Bill.

Event typeNIS 2018 (old standard)Cyber Security and Resilience Bill 2025 (new standard)
Service interruptionReport only if "significant impact" on service continuity occurs.Report if the incident is capable of causing significant impact.
Data breachFocus on availability/integrity impacting service.Broader focus on security compromises, including potential breaches.
Supply chain attackLimited direct obligation for supply chain issues.Mandatory reporting of supply chain compromises affecting your service.
Reporting timeline72 hours regarding significant impact.Likely 24 hours for initial "early warning".

You Can't Report What You Don't Detect.

The requirement to report "near misses" places a heavy burden on your detection capabilities. Manual log reviews and basic firewalls are no longer enough. You need 24/7 proactive threat hunting to identify incidents that attempt to breach your defenses.

  • 24/7 Managed Detection: Eyes on glass, round the clock.
  • Log Retention & Analysis: Automated correlation to spot usage anomalies.
  • Incident Reporting Support: We draft your regulator reports for you.
Explore Managed Detection & Response
THREAT DETECTED
BLOCKED

Analysis: Attempted SQL Injection from known malicious IP.

Outcome: WAF Blocked. IP Blacklisted.

Generate Compliance Report

Are you ready for enhanced reporting?

Take our free readiness assessment to see if your current incident response capabilities meet the new Cyber Security and Resilience Bill (CSRB) standards.

Start Free Readiness Assessment