Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Public Disclosures Risk Category

Ingrid

The Public Disclosures risk category provides information related to possible incidents of undesirable access to a company’s data, including breaches, general security incidents, and other disclosures. Though these events do not necessarily result in data loss, the interruptions to business continuity are relevant and can be used to improve security preparedness.

Public Discovery

The earliest date when information pertaining to the security incident became publicly available either via news sources or filing with regulatory bodies, when an incident was self-discovered & the date of discovery publicly available, or the date when affected parties were notified. When major headline news of unauthorized access is disclosed, we add it to our system within the same week. Note that having knowledge of the actual date of the incident is rare, even to the affected company.

What is the public discovery date?

Effective Date

The date when a Security Incident event was recorded in the Bitsight platform.

What is effective date?

Resources

Risk Vectors

The Public Disclosures risk category is classified into the following risk vectors:

Security Incidents

The Security Incidents risk vector involves a broad range of events related to the undesirable access of a company’s data or resources, including personal health information, personally identifiable information, trade secrets, and intellectual property. They’re grouped into Breach Security Incidents and General Security Incidents.

  • Breach Security Incidents involve serious events that usually result in a successful cyberattack and/or data compromise by unauthorized individuals.
  • General Security Incidents involves other kinds of security events that may still affect security ratings, such as employee error or misconduct.

Other Disclosures

The Other Disclosures risk vector includes other kinds of publicly disclosed events. It’s considered to be the least severe among the Public Disclosures risk vectors.

  • December 17, 2024: Referenced data collection process.
  • May 8, 2020: Updated risk vector descriptions to match the descriptions in the Rating Details page.

Related articles

Feedback

0 comments

Please sign in to leave a comment.