What’s in a Name? Defining Event vs. Security Incident vs. Data Breach

According to a sobering new report from security firm FireEye, on average 96 percent of systems across all industry segments have been breached. The report further found that 27 percent of these breaches involved advanced malware. This finding is in line with the Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data by Ponemon Institute, which found that criminal attacks are up 125 percent compared to five years ago.

Given today’s threat-filled environment, chances are high that your organization will be—or already has been—the target of an attack, putting sensitive data at risk. How do you define this? Is it an event? A security incident? A data breach? Does it even matter what it’s called?

In a word, yes. How you classify an occurrence will dictate your response—and thus how well you can minimize the monetary, regulatory, and reputational risks to you, your company, and the customers you serve.

What is an Event?

Events are daily occurrences for many businesses in which data or records could have been exposed. Common examples are receiving a phishing email or a firewall blocking a connection attempt. With adequate cybersecurity practices in place, an event is rarely cause for major concern. However, if a potentially harmful event is found, it’s important to notify the teams that may come across it and to work with your security team to determine the next steps for mitigating any risk it could introduce.

What is a Security Incident?

The National Cyber Security Centre defines an incident as an infiltration “of a system’s security policy in order to affect its integrity or availability and/or the unauthorized access or attempted access to a system.” This could be something as simple as a bad actor finding a lost flash drive with sensitive information. Over time, however, bad actors have evolved their tactics, and more common incidents today take the form of direct attempts to access systems and/or data or make changes to firmware, software, or hardware.

What is a Data Breach?

A data breach is a security (or privacy) incident that meets specific legal definitions as per state and federal breach laws. If a data breach occurs, your organization is required to notify affected individuals, regulatory agencies, and credit reporting agencies.

While data breaches may be less likely to occur than incidents and events, they are by far the most severe. It may be tempting to write off a potential breach as an incident to avoid legal ramifications and public scrutiny, but the consequences of doing so may cripple a company. To demonstrate compliance, the company is responsible for documenting incidents and performing multi-factor incident risk assessments. Failure to provide thorough documentation can lead to penalties and corrective action plans from regulators.

Real-world Example

Consider the experience of Catamaran, a large public company that provides pharmacy benefits management services to healthcare organizations. To efficiently manage its regulatory obligations and easily navigate the complexity of state and federal breach laws, the company implemented ID Experts RADAR®, incident response management software. RADAR automates the process of evaluating incidents against current state and federal regulations.

Catamaran discusses its approach in a recent webinar, Bringing Incident Response & Breach Management Out of the Dark Ages.

Conclusion

Properly defining an event, security incident, or data breach is more than a matter of semantics. It’s about strategically addressing and protecting your organization against regulatory and reputational risks. It’s about breaking down departmental silos and enabling effective collaboration between security, compliance, privacy and legal roles in an integrated defense against data security threats—whatever they may be.