Breach vs. Incident: What’s the difference? | Domain Technology Partners

Breach vs. Incident: What’s the difference?

By Nick McCourt & Haley Clark

The words “breach” and “incident” seem synonymous to many. But for those in the world of cybersecurity and IT, there is a noticeably clear difference.

For outsiders, using these terms as synonyms can cause confusion. If those outsiders are working on Incident Response, even more so! Of course, Incident Response is a situation where you don’t want confusion — so we thought we would clear things up.

Incident: Definition and example

An incident is any event outside of normal operations that interferes with, or disrupts, processes necessary to organizational operations.

An example: You get a verification code from Duo that you didn’t request. Or you lose your laptop and cannot find it.

Breach: Definition and example

A breach is any incident that results in the loss of, or unauthorized access to, an organization’s network, data, applications, or devices.

An example: After a successful phishing attack, your organization is hacked, and sensitive information is released.

A graphic of two circles — the larger one is titled Incident, and the smaller one inside the larger one is titled Breach

Breaches are a subset of incidents

Breaches are a subset of incidents. You can think of cybersecurity incidents as a big circle, with breaches forming a smaller circle inside it.

Why does this matter? An example

Most organizations will disclose a breach to the public, but they may not be required to disclose an incident. For example, this distinction is relevant to organizations keeping HIPAA in mind. Before healthcare organizations say they have a breach, they should ensure that it really is a breach and not just an incident. Doing so can protect your organization and prevent a great deal of hardship. (And organizations might not have to disclose a breach either — if it’s found that the breach was not harmful to those affected. For example, this is part of data breach law in several states like Arkansas. Good to know, both as a business and a consumer.)

Thinking about an Incident Response plan?

Now that you know the difference, you might be thinking about your own Incident Response plan. What is your strategy for an incident? What are your steps to mitigate incidents? What will you do if your company ever faces a breach? Domain Technology Partners can help. We’ve developed Incident Response plans for a wide variety of organizations — from small startups to organizations with industry regulations. Get in touch today and we’ll start to develop a plan that works for you.

We do IT differently.

Find out what sets us apart from all the other IT companies out there.
