Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

Public Disclosures Risk Category

Avatar
Ingrid
Follow
  • May 8, 2020: Updated risk vector descriptions to match the descriptions in the Rating Details page.

⇤ Overview of Risk Categories and Risk Vectors

The Public Disclosures risk category provides information related to possible incidents of undesirable access to a company’s data, including breaches, general security incidents, and other disclosures. Information is collected from verifiable news sources, both domestic and international, and by filing Freedom of Information Act (FOIA) requests.

Though these events do not necessarily result in data loss, the interruptions to business continuity are relevant and can be used to improve security preparedness.

Public Discovery
The earliest date when information pertaining to the security incident became publicly available either via news sources or filing with regulatory bodies, when an incident was self-discovered & the date of discovery publicly available, or the date when affected parties were notified. When major headline news of unauthorized access is disclosed, we add it to our system within the same week. Note that having knowledge of the actual date of the incident is rare, even to the affected company.
Effective Date
The date when a Security Incident event was recorded in the Bitsight platform.

Learn more about Public Disclosures or review how the Public Disclosures risk category is calculated.

Risk Vectors

The Public Disclosures risk category is classified into the following risk vectors:

Risk Vector Description
Security Incidents

The Security Incidents risk vector involves a broad range of events related to the undesirable access of a company’s data or resources, including personal health information, personally identifiable information, trade secrets, and intellectual property. They’re grouped into Breach Security Incidents and General Security Incidents.

  • Breach Security Incidents involves serious events that usually result in a successful cyberattack and/or data compromise by unauthorized individuals.
  • General Security Incidents involves other kinds of security events that may still affect security ratings, such as employee error or misconduct.
Other Disclosures The Other Disclosures risk vector includes other kinds of publicly disclosed events. It’s considered to be the least severe among the Public Disclosures risk vectors.

Related articles