Information security, which is defined as a preservation of confidentiality, integrity and availability of information, ensures a continuity of business and limits a damage by preventing and reducing the impact of security incidents. In order to properly incidents management, a knowledge about these threats should be known, especially about their types and numbers of occurrences. The paper describes selected aspects of information security incidents. It considers legal requirements related to the information security in the Czech Republic and Poland and gives some examples of the information security incidents in these countries. The aim of the research was analysis and evaluation of the information security incidents in the Czech Republic and Poland. The analysis was based on the reports of the Government Computer Emergency Response Team (GovCERT. CZ), the Governmental Computer Security Incident Response Team (CERT. GOV. PL) and on the basis of data from the statistics of the National CSIRT of the Czech Republic (CSIRT. CZ) and the CERT Polska (CERT. PL). These teams were appointed to provide several security services, such as for example: research and development in the area of cybersecurity, education and tutoring, support to defend against threats and registration and handling of incidents. Every year the Computer Security Incident Response Teams prepares reports on the status of cyberspace security. According to these reports, the numbers of information security incidents have grown rapidly and it can be argued that the numbers of reported incidents will grow in the future. The current study focuses on the reported incidents from the years 2013-2015. A comparative analysis of incidents is quite complicated, because the reports templates are different and the countries have various incidents classifications.