Skip to content


ORX Cyber


ORX Cyber Community

Risk programme

Standards, taxonomies & libraries

Standard - September 2023

Setting the standards for reporting cyber events across the financial sector

ORX leads the way in setting the reporting standards by which the financial services industry views operational risk events. By bringing together a wealth of knowledge and experience from our global community of members and subscribers, we are able to produce high-quality operational risk reporting standards for cyber-specific events. 

Our standards ensure subscribers to ORX Cyber receive data of a comparable standard and in an agreed format.

About the standards

The ORX Cyber Operational Risk Reporting Standards (C-ORRS) set out the standards you will use to report your cyber events to ORX. The definitions and principles are designed to help you with the consistency of reporting and data categorisation.

Contained within the standards are:

  • Definitions, descriptions, examples and reporting requirements
  • Detailed data categories such as cyber event types, threat actors, attack typologies, controls failed, etc.
  • Reporting requirements for exposure indicators

Gated content start

Looking to access the Cyber Operational Risk Reporting Standards?

The standards are available to firms that subscribe to ORX Cyber

Log into the ORX website

Not a subscriber? Find out more about ORX Cyber

Gated content stop


Nikki Truss-West

Nikki Truss-West

Research Senior Manager - Cyber, ORX


Need help using the standards?

If you have any questions or need any advice regarding our operational risk reporting standards don't hesitate to get in touch.

Contact us