The Public Disclosures risk category provides information related to possible incidents of undesirable access to a company’s data, including breaches, general security incidents, and other disclosures. Though these events do not necessarily result in data loss, the interruptions to business continuity are relevant and can be used to improve security preparedness.
- Public Discovery
-
The earliest date when information pertaining to the security incident became publicly available either via news sources or filing with regulatory bodies, when an incident was self-discovered & the date of discovery publicly available, or the date when affected parties were notified. When major headline news of unauthorized access is disclosed, we add it to our system within the same week. Note that having knowledge of the actual date of the incident is rare, even to the affected company.
What is the public discovery date?
- Effective Date
-
The date when a Security Incident event was recorded in the Bitsight platform.
What is effective date?
Resources
Risk Vectors
The Public Disclosures risk category is classified into the following risk vectors:
Security Incidents
The Security Incidents risk vector involves a broad range of events related to the undesirable access of a company’s data or resources, including personal health information, personally identifiable information, trade secrets, and intellectual property. They’re grouped into Breach Security Incidents and General Security Incidents.
- Breach Security Incidents involve serious events that usually result in a successful cyberattack and/or data compromise by unauthorized individuals.
- General Security Incidents involves other kinds of security events that may still affect security ratings, such as employee error or misconduct.
Other Disclosures
The Other Disclosures risk vector includes other kinds of publicly disclosed events. It’s considered to be the least severe among the Public Disclosures risk vectors.
- December 17, 2024: Referenced data collection process.
- May 8, 2020: Updated risk vector descriptions to match the descriptions in the Rating Details page.
Feedback
0 comments
Please sign in to leave a comment.