Breach vs. Incident: What’s the difference?

The words “breach” and “incident” seem synonymous to many. But for those in the world of cybersecurity and IT, there is a noticeably clear difference.

For outsiders, using these terms as synonyms can cause confusion. If those outsiders are working on Incident Response, even more so! Of course, Incident Response is a situation where you don’t want confusion — so we thought we would clear things up.

Incident: Definition and example

An incident is any event outside of normal operations that interferes with, or disrupts, processes necessary to organizational operations.

An example: You get a verification code from Duo that you didn’t request. Or, you lose your laptop and cannot find it.

Breach: Definition and example

A breach is any incident that results in loss of, or unauthorized access to, an organization’s network, data, applications, or devices.

An example: After a successful phishing attack, your organization is hacked, and sensitive information is released.

Breaches are a subset of incidents

Every breach is an incident, but not every incident is a breach. You can think of cybersecurity incidents as a big circle, with breaches forming a smaller circle inside it.

Why does this matter? An example

Most organizations will disclose a breach to the public, but they may not be required to disclose an incident. For example, this distinction is relevant to organizations keeping HIPAA in mind. Before healthcare organizations say they have a breach, they should ensure that it really is a breach and not just an incident. Doing so can protect the organization and prevent a great deal of hardship. (And organizations might not have to disclose a breach either — if it’s found that the breach was not harmful to those affected. For example, this is part of data breach law in several states like Arkansas. Good to know, both as a business and a consumer.)

Thinking about an Incident Response plan?

Now that you know the difference, you might be thinking about your own Incident Response plan. What is your strategy for an incident? What are your steps to mitigate incidents? What will you do if your company ever faces a breach? Integris can help. We’ve developed Incident Response plans for a wide variety of organizations — from small startups to organizations with industry regulations. Get in touch today and we’ll start to develop a plan that works for you.

Nick McCourt is a vCISO, CISSP at Integris.
