What’s the Difference Between a Cyber Incident and Data Breach?
Category
Cybersecurity Fundamentals
We talk about cyber incidents and data breaches here on the ACT a lot. Like. All. The. Time. Since cyber incidents and data breaches aren’t going to stop any time soon, we thought we’d take some time to clearly define the two.
Cyber Incidents
You may also hear a cyber incident called an “incident,” or a “cybersecurity incident,” but the idea is the same:
You may remember from another ACT post that an “IT system” is a grouping of interconnected IT assets. These IT assets could be servers, cloud computers, laptops, phones, or even control devices in a power station. The IT system could be an accounting system, a social media app, or a series of medical devices at a hospital. When the IT system is impacted in a way that it can no longer operate as intended, this is a cyber incident. This could include an IT system being taken offline by hackers, being attacked by ransomware, or even a data center catching on fire, rendering the servers inside inoperable.
We should note that a cyber incident differs from a “cyber attack” in that a cyber attack is generally considered the precursor to a cyber incident. A cyber incident is declared when a cyber attack has actually impacted the confidentiality, integrity, or availability of an IT system. If you need a refresher on these topics, check out our ACT post that dives into more detail.
You may also be wondering, are there other types of incidents? Of course. Your organization’s enterprise risk management plan should prepare to respond to all kinds of incidents. From physical security to financial to personnel, all incident types, including cyber, should have a plan.
Data Breach
So what’s a data breach then? It’s similar to a cyber incident, but has one key difference:
What does that really mean? It means that if your organization is experiencing a cyber incident, it doesn’t become a data breach until there is confirmed disclosure. This confirmation could occur in a number of ways, but most likely would happen by understanding the impact of a cyber incident, or ultimately, the public exposure of the stolen information.
The second most notable difference between a cyber incident and a data breach for organizations is how to respond. While there are a handful of laws and regulations regarding when to report cyber incidents, there are a large number of laws and regulations around data breaches, including some with heavy fines. If your organization suffers a data breach, you may have a duty to report it to the authorities, sometimes as quickly as 1 hour after you confirm the data breach has occurred.
Finally, a data breach may also occur via paper, and not electronically. Imagine if the wrong results from a medical test were mailed to you instead. This would also be considered a data breach.
Responding
If your organization has been the victim of a cyber incident or data breach, you’ll need to activate the “cybersecurity incident response plan” for your organization. This plan should outline the actions and communications needed to efficiently and effectively respond. The plan should cover the following key areas:
Preparation;
Detection and analysis;
Containment, eradication, and recovery; and
Post-incident analysis
If you're worried about your organization’s ability to respond quickly and mitigate the effects of a cybersecurity incident, Hive Systems can help assess your cybersecurity preparedness, run training drills, and establish strategic emergency plans that fit your workplace culture and compliance requirements. Contact us today for a free consultation.