Security Incident and Data Breach Report Intake
Captures a structured first-hand account of a suspected or confirmed security incident — what happened, what systems or data may be affected, and how contained it is — for IT, security, and compliance teams. An AI follow-up interview reconstructs the actual timeline of discovery and response instead of relying on a rushed written summary.
Sample questions
A preview of what’s in the template. Every question is editable before you launch.
What is your role in relation to this incident?
- Employee who discovered or experienced it
- IT / Security staff member
- Manager of an affected team
- Third-party vendor or contractor
- Other
When did you first notice or suspect something was wrong? (Best estimate is fine.)
Which best describes the type of incident?
- Phishing or social engineering attempt
- Unauthorized system or account access
- Malware or ransomware
- Lost or stolen device
- Data sent or exposed to the wrong recipient
- Physical break-in or unauthorized access to premises
- Other
As far as you know, what type of data may have been affected? Select all that apply.
- Customer personal information
- Employee personal information
- Financial or payment data
- Health records
- Intellectual property or trade secrets
- Login credentials or passwords
- Other
In your own words, what happened? Include what you saw or were told, and any systems, accounts, or locations involved.
How confident are you that the incident is currently contained (i.e., not actively ongoing)?
Has this incident already been reported to your IT or Security team through another channel?
- Yes, already reported
- No, this is the first report
- In progress / not sure
What actions, if any, have already been taken to contain or address this incident (e.g., password reset, device disconnected, account disabled)?
Reconstruct the actual timeline of this incident: how it was first noticed, exactly what the respondent did in the minutes and hours after, and who else was told or involved. Anchor on the specific incident type and data categories they selected, and probe any gap between discovery and reporting — ask what caused the delay, if any, and whether the respondent believes the incident could still be active. If they seem unsure about scope, ask what evidence would help them confirm it.
How clear was it to you what steps to take when you noticed this incident?
Roughly how many individuals or records do you think may be affected? (Enter 0 if unknown or not applicable.)
Which department or team are you part of?
- IT / Security
- Operations
- Sales / Customer Success
- Finance
- HR
- Other
- Prefer not to say
Thank you for reporting this promptly. Your report has been logged and routed to the security team for immediate review; you may be contacted for follow-up as part of the incident response process.
What’s included
AI follow-ups
Adaptive probes on open-ended answers that pull out detail a static form would miss.
Attention checks
Built-in safeguards against rushed answers and low-quality respondents.
AI-drafted copy
Wording, ordering, and branching written by the AI — tuned to your research goal.
Auto report
Themes, quotes, and a plain-English summary write themselves once responses come in.
How it compares
We reviewed the closest templates from other survey tools. Here’s what they do well — and where this template goes further.
Why this template
- Includes an AI follow-up interview that reconstructs the actual incident timeline (discovery, response, containment) instead of relying on a single rushed written summary
- Combines structured fields (role, incident type, data types affected, confidence in containment, estimated records affected, department) with open-ended narrative questions for full context
- Captures process signals other tools don't, like whether the incident was already reported through another channel and how clear the reporting steps were, which helps compliance teams spot process gaps
- Closes with automated logging/routing confirmation messages so the reporter knows their report was received and sent to the right team
Jotform
Security Incident Report Form TemplateA standard fielding-ready form template for logging security incidents with typical fixed fields. It's built on Jotform's general form builder and widget ecosystem rather than anything specialized for security/compliance workflows. Good for basic intake but not for reconstructing what actually happened during the incident.
What it does well
- Fielding-ready template usable immediately
- Backed by Jotform's broad form-building and integration ecosystem
- Likely customizable with drag-and-drop fields
Where it falls short
- Static question set with no adaptive follow-up to probe inconsistent or vague answers
- No mechanism to reconstruct an incident timeline beyond what the reporter chooses to write
- No published methodology on how questions were validated for security/compliance use
SurveyMonkey
Security Breach Report TemplateA fielding-ready template aimed at capturing breach details in a standard survey format. It leans on SurveyMonkey's general survey infrastructure (skip logic, reporting) rather than anything purpose-built for reconstructing incident timelines. Useful as a quick intake form but limited for deeper investigative follow-up.
What it does well
- Fielding-ready and quick to deploy
- Supports basic skip logic for branching questions
- Benefits from SurveyMonkey's established reporting/dashboard tools
Where it falls short
- No adaptive AI interview to dig deeper into vague or incomplete incident descriptions
- Relies on the reporter's own written summary rather than a reconstructed timeline
- No transparent, published prompt methodology for how follow-up questions (if any) are generated
Typeform
Security Incident Report FormA conversational-style, fielding-ready form template for reporting security incidents, benefiting from Typeform's polished one-question-at-a-time UX. It's a static question flow, however, with no capability to adaptively probe for missing details like exact timing of discovery or containment steps. Good for a friendly intake experience but not for deep incident reconstruction.
What it does well
- Polished, conversational one-question-at-a-time UX
- Fielding-ready template with Typeform's known design quality
- Likely supports basic logic jumps between questions
Where it falls short
- No adaptive AI follow-up interview to reconstruct the actual incident timeline
- No automated per-response quality scoring to flag vague or incomplete reports
- No published prompt-level transparency into how any branching questions are determined
Ready to launch?
Open this template in the editor. Every part is yours to change before the first respondent sees it.