Authorities must be notified when a cyber incident occured.

Managed service providers (MSPs) must disclose cyber incidents that disrupt user activity or pose a high risk to their service. Many governments have updated legislation with mandatory requirements and heavy fines in case of non-compliance. Starting with businesses operating in critical infrastructure sectors and including companies with activity in finance, telecommunications, energy or transportation sectors, cyber attacks and hacking incidents must be reported to the proper authorities.
Make sure you discuss all these details with your cyber security consultants and update your business continuity plans according to all legal requirements in your industry.