Cyber threats are becoming increasingly sophisticated, affecting both private companies and public institutions. A rapid response is critical to minimizing business impact, protecting sensitive data, and identifying attackers. With ALVAO’s ITSM platform, organizations can now streamline the entire process—capturing, categorizing, tracking, reporting, and resolving incidents—while automatically fulfilling their legal obligations.
“If organizations report an incident immediately, they can prevent further damage and recover faster. Delayed reporting, on the other hand, leads to higher financial losses, customer distrust, and even legal consequences,” says Petr Vitouch, IT Security Manager at ALVAO.
According to the UK government’s Cyber Security Breaches Survey 2025, the average cost of a serious cyber incident for small businesses reached the equivalent of CZK 230,000, while medium and large organizations faced costs of around CZK 350,000. Even “smaller” incidents result in significant losses, particularly in employee time and external expenses. The faster an incident is managed and reported, the lower the overall cost and operational disruption.
Automated reporting in ALVAO helps national security agencies detect and eliminate threats more quickly, while ensuring organizations comply with mandatory reporting requirements. With the upcoming NIS2 directive, organizations are legally required to report incidents. ALVAO ensures they can meet this obligation without delay.
Beyond reporting, ALVAO offers full Security Incident Management, including predefined service catalogue templates for incident reporting, vendor management, spam and phishing reports, and integrations with monitoring systems such as Zabbix and Lansweeper.
“Our goal is to give companies a tool that helps them not only comply with regulations, but also protect their business. Automated reporting in ALVAO saves time, reduces human error, and gives organizations confidence in their ability to respond to threats promptly and effectively,”adds Petr Vitouch.
Preparing for ČNB Reporting under DORA
ALVAO’s reporting solution automatically generates XML reports in the official NÚKIB format, which are then reviewed by the organization’s security manager and sent directly to the agency. In line with the EU’s Digital Operational Resilience Act (DORA), which came into effect in January 2025, ALVAO is also preparing direct reporting for the Czech National Bank.
DORA is a cornerstone of the EU’s strategy to strengthen the cyber resilience of the financial sector, requiring financial institutions and their ICT providers to implement robust systems capable of withstanding cyberattacks and operational disruptions.
