The Verizon 2020 Data Breach Investigations Report (DBIR) helps answer the question “What is a data breach?” by defining a data breach as “an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.” Data breaches may involve human actions, hardware devices, exploited configurations, malicious software—or a combination of all these factors. But note that a data breach is not the same thing as an “incident.”
Why does it matter what you call it? As data privacy compliance regulations tighten, knowing the difference between a data breach and an incident could save an organization millions of dollars in fines and reputational damage. For example, while many people think that traditional ransomware attacks are data breaches, the DBIR classifies them as cyber incidents. That’s because the data is encrypted, not stolen and disclosed. A ransomware attack only becomes a data breach when the victim’s data is dumped publicly, sold illegally or used to steal credentials.
To better protect your network, it’s important to be able to spot the signs of a data breach. For more information on how to do this, read Overlooked Signs of a Network Data Breach.