Safety reporting systems, e.g. Air Safety Reporting Systems, are extremely efficient components of well-functioning safety schemes. A Cyber Security Reporting System is badly needed, but good information security data is very difficult to gather and many barriers prevent making existing data available for scientific purposes. In the scarcity of real-cases, we argue that ‘Dynamic Stories’, i.e. the various narratives that can be derived from system dynamics models of the existing system dynamics studies of information security might help establish a Virtual Information Security Reporting System. We do have an interesting opportunity in our running study of information security risks in the transition to eOperations in the offshore oil & gas sector. Given the importance of security for eOperations and the huge stakes involved, it seems that an umbrella organization such as the Norwegian Oil Industry Association is a potential adopter of a Virtual Information Security Reporting System. Our paper formulates issues that need to be solved in order make our vision of such reporting system a tangible prospect.