Annex C

Incident Types

FIRE classifies incidents into five standardised types. The type must be reported at the Initial phase (optional) and confirmed at the Intermediate and Final phases (essential).

Multiple types. An incident may span more than one category — for example, a ransomware attack may be both a Business Disruption and a Data Breach. Reporters should select all applicable types.

Type: Business Disruption or System / Execution Failure
Definition: An incident that compromises the availability, reliability, or continuity of a critical function or service — regardless of cause.
Illustrative examples:
  • Core systems go offline or become severely slow
  • Transaction processing fails or halts
  • Data corruption preventing normal operations
  • Automated processes stop or produce erroneous outputs

Type: Compromise (non-disruptive)
Definition: An incident that compromises the confidentiality or integrity of systems or data without materially affecting availability or continuity of services.
Illustrative examples:
  • Unauthorised access to systems or data without disruption
  • Undetected data manipulation that does not halt services
  • Backdoor or persistent access established silently

Type: Data Breach
Definition: An incident involving the unauthorised acquisition, access, use, or exposure of sensitive or protected data.
Illustrative examples:
  • Personal or client data published or exfiltrated
  • Stolen login credentials used to access accounts
  • Sensitive internal data leaked to third parties

Type: Financial Theft or Fraud
Definition: An incident involving the actual or attempted theft of financial assets or fraudulent financial activity.
Illustrative examples:
  • Unauthorised payment or wire transfer instructions
  • Fraudulent SWIFT or interbank messaging
  • Account takeover leading to fund theft
  • Manipulation of trading systems for financial gain

Type: Information Disorder
Definition: An incident involving the deliberate creation or spread of false, misleading, or harmful information about the reporting entity — including impersonation and disinformation campaigns.
Illustrative examples:
  • False rumours about the entity's financial health spread on social media
  • Fake communications impersonating the entity sent to clients
  • Coordinated disinformation campaign targeting the entity's reputation