Breach vs. Incident: What’s the difference?


The words “breach” and “incident” seem synonymous to many. But for those in the world of cybersecurity and IT, there is a noticeably clear difference.

For outsiders, using these terms as synonyms can cause confusion. If those outsiders are working on Incident Response, even more so! Of course, Incident Response is a situation where you don’t want confusion — so we thought we would clear things up.

Incident: Definition and example

An incident is any event outside of normal operations that interferes with, or disrupts, processes necessary to organizational operations.

Examples: You get a verification code from Duo that you didn’t request. Or you lose your laptop and cannot find it.

Breach: Definition and example

A breach is any incident that results in the loss of, or unauthorized access to, an organization’s network, data, applications, or devices.

An example: After a successful phishing attack, your organization is hacked, and sensitive information is released.

Breaches are a subset of incidents

Breaches are a subset of incidents: every breach is an incident, but not every incident is a breach. You can think of cybersecurity incidents as a big circle, with breaches forming a smaller circle inside it.

Why does this matter? An example

Most organizations will disclose a breach to the public, but they may not be required to disclose an incident. For example, this distinction is relevant to organizations keeping HIPAA in mind. Before healthcare organizations say they have a breach, they should ensure that it really is a breach and not just an incident. Doing so can protect your organization and prevent a great deal of hardship. (And organizations might not have to disclose a breach either — if it’s found that the breach was not harmful to those affected. For example, this is part of data breach law in several states like Arkansas. Good to know, both as a business and a consumer.)

Thinking about an Incident Response plan?

Now that you know the difference, you might be thinking about your own Incident Response plan. What is your strategy for an incident? What are your steps to mitigate incidents? What will you do if your company ever faces a breach? Integris can help. We’ve developed Incident Response plans for a wide variety of organizations — from small startups to organizations with industry regulations. Get in touch today and we’ll start to develop a plan that works for you.

Nick McCourt is a vCISO, CISSP at Integris.
