All Collections
Reports
Incident reports
How-to guide: Incident data upload
How-to guide: Incident data upload

How to upload your incident data using CSV

Benedict Donaldson avatar
Written by Benedict Donaldson
Updated over a week ago

Introduction

Uploading relevant cyber security incident data is important in order to get a holistic picture of risks in your business.

This section will cover the requirements for the data format in order to successfully upload your incidents and track the data over time.

For more information about the incident reports, have a look at the Explainer: incident reports article here.

Step-by-step guide

How to upload your incident data onto the CybSafe platform.

Step 1

Navigate to 'Incidents' in the left hand admin menu: Reports > Incidents

Step 2

Create your CSV file ready for upload.

Please note: uploading incident data must be done using a CSV file.

Requirements for the CSV

  • Include a header row that looks like date,incident_type,period_covered,impact

  • Comma separated values with no spaces around the commas.

  • Supported fields are:

    • Date with the format YYYY-MM-DD

    • Incident type (selected from the options below)

    • Period covered [optional] (selected from the options below)

    • Impact [optional] description to outline impact of the incident

For example:

date

incident_type

period_covered

impact

2024-02-09

CLEAR_DESK_POLICY_VIOLATION

WEEK

97 instances over 100 unique people

2024-03-14

FAILURE_TO_LOCK_UNATTENDED_SCREENS_OR_DEVICE

DAY

1 instance by 1 person

Supported incident type values for your CSV

  • EMAIL_PHISHING_INCIDENT

  • CLEAR_DESK_POLICY_VIOLATION

  • UNINTENDED_OR_ACCIDENTAL_DATA_SHARE_BY_EMAIL

  • LOSS_OR_THEFT_OF_DEVICE LOSS_OR_THEFT_OF_PAPERWORK

  • UNAUTHORISED_SYSTEM_ACCESS

  • UNAUTHORISED_DATA_ACCESS

  • UNAUTHORISED_PHYSICAL_ACCESS

  • UNAUTHORISED_DEVICE_USAGE

  • INAPPROPRIATE_FILE_DOWNLOAD

  • ACCEPTABLE_USE_POLICY_VIOLATION

  • SECURITY_POLICY_VIOLATION

  • HELPCENTRE_OR_SUPPORT_CENTRE_CALL_INCIDENT

  • UNAUTHORISED_MEDIA_INCIDENT

  • UNAUTHORISED_SOFTWARE_APPLICATION_USE

  • INAPPROPRIATE_OR_UNAUTHORISED_WEBSITE_VISITS

  • FAILURE_TO_LOCK_UNATTENDED_SCREENS_OR_DEVICE

  • INCORRECTLY_CLASSIFIED_DOCUMENTS

  • HARDWARE_OR_SOFTWARE_MISCONFIGURATION

  • INCORRECT_DISPOSAL_OF_PAPERWORK

  • INAPPROPRIATE_OR_UNAUTHORISED_VERBAL_DISCLOSURE_OF_DATA

  • OTHER_INCIDENT_TYPE

Supported periods covered:

  • DAY

  • WEEK

  • MONTH

Once you have your CSV with the outlined requirements above completed, you're ready to upload.

Step 3

Use the file selector to find and select the CSV file that contains your incident data.

Step 4

Check the correct CSV appears before selecting 'Upload CSV'.

Step 5

Keep uploading data to this page to see trends over time.

Take a look at the Explainer: Incident reports article for more information.

Upload errors

If there are any validation errors in your CSV, unfortunately the upload will fail.

An error will show with the row(s) and field with issues as shown in the example below:

Example CSV data

This shows an example of CSV data appropriate for upload

date,incident_type,period_covered,impact
2023-12-01,EMAIL_PHISHING_INCIDENT,DAY,12 people submitted data
2023-12-02,CLEAR_DESK_POLICY_VIOLATION,WEEK,20 people violated the policy
2023-12-03,UNINTENDED_OR_ACCIDENTAL_DATA_SHARE_BY_EMAIL,DAY,breach reported
2023-12-04,LOSS_OR_THEFT_OF_DEVICE,DAY,1 mobile lost
2023-12-05,LOSS_OR_THEFT_OF_PAPERWORK_OR_DATA_LEFT_IN_INSECURE_LOCATION,WEEK,
2023-12-06,UNAUTHORISED_SYSTEM_ACCESS,DAY,3 systems accessed by 1 employee
2023-12-07,UNAUTHORISED_DATA_ACCESS,DAY,3 systems accessed by 1 employee 
2023-12-08,UNAUTHORISED_PHYSICAL_ACCESS,MONTH,1 unauthorised visitor
2023-12-09,UNAUTHORISED_DEVICE_USAGE,DAY,laptop used from unauthorised location
2023-12-10,INAPPROPRIATE_FILE_DOWNLOAD,MONTH,24 files downloaded by 3 employees
2023-12-11,ACCEPTABLE_USE_POLICY_VIOLATION,WEEK,14 people violated policy
2023-12-12,SECURITY_POLICY_VIOLATION,DAY,14 people violated policy
2023-12-13,HELPCENTRE_OR_SUPPORT_CENTRE_CALL_INCIDENT,DAY,
2023-12-14,UNAUTHORISED_MEDIA_INCIDENT,WEEK,
2023-12-15,UNAUTHORISED_SOFTWARE_APPLICATION_USE,WEEK,unauthorised SSO use detected
2023-12-16,INAPPROPRIATE_OR_UNAUTHORISED_WEBSITE_VISITS,DAY,200 blocked website attempts
2023-12-17,FAILURE_TO_LOCK_UNATTENDED_SCREENS_OR_DEVICE,WEEK,14 people violated policy
2023-12-18,INCORRECTLY_CLASSIFIED_DOCUMENTS,DAY,3 documents violated policy
2023-12-19,HARDWARE_OR_SOFTWARE_MISCONFIGURATION,MONTH,1 laptop detected
2023-12-20,INCORRECT_DISPOSAL_OF_PAPERWORK,DAY,5 documents violated policy
2023-12-21,INAPPROPRIATE_OR_UNAUTHORISED_VERBAL_DISCLOSURE_OF_DATA,MONTH,1 violation
2023-12-22,OTHER_INCIDENT_TYPE,DAY,add anything here

Additional resources

Related Articles
Refresher tests
Explainer: Incident reports
Change log: 2024 essential module refresh
Reference: GUIDE features best practice
Reference guide: Audience filters
Did this answer your question?