Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Security Incidents Risk Vector

Ingrid

The Security Incidents is a risk vector in the Public Disclosures risk category. It involves a broad range of events related to the undesirable access of a company’s data or resources, including personal health information, personally identifiable information, trade secrets, and intellectual property. They’re grouped into the Breach Security Incidents and General Security Incidents categories.

CIA Triad

We track a range of security events that contribute to any loss of information, known collectively as the “CIA Triad.”

Confidentiality

Indicates if access to sensitive data is restricted to the appropriate parties. Any unauthorized access due to a malicious attack or an internal error is considered a breach.

Integrity

Indicates if data remains in its original form and is unaltered over its life cycle.

Availability

Indicates if data is reliably accessible at all times.

Multiparty Incidents

Multiparty incidents, which are individual Security Incidents that impact multiple companies, can impact a company either directly as the original target or indirectly as a third party of the primarily targeted company.

This is conveyed in the Rating Details as origin, which could indicate the event's impact on the organization as either:

Direct

The original target of the attacker, which is directly impacted by the event.

Indirect

A third party of the targeted company. It is collaterally impacted by the event.

Risk Vector Details

Review how an organization’s Bitsight Security Rating relates to its level of data breach risk.

Incident Categories

Breach Security Incidents

Breach Security Incidents involves serious events that usually result in a successful cyberattack and/or data compromise by unauthorized individuals. Breach Security Incidents are ratings-impacting.

Incident types:

Crimeware

An instance of malware installed for the purpose of acquiring unauthorized data or assets.

Espionage

An incident of unauthorized network or system access exhibiting the motive of state-sponsored or industrial espionage, where trade secrets or IP are frequently targeted.

Intrusion

Unauthorized access which does not involve exfiltration of records or other resources.

Phishing

An attack in which fraudulent email is used to mimic the access of an authorized employee or legitimate contact.

Ransomware

An attack designed to block access to a computer system until a sum of money is paid.

Social Engineering

An attack which uses deception to trick individuals into divulging unauthorized information or access.

Web Apps

An incident in which a web application was the attack vector, including code level vulnerabilities in the application and thwarted authentication mechanisms.

General Security Incidents

General Security Incidents involves other kinds of security events that may still affect security ratings, such as employee error or misconduct. General Security Incidents are considered more severe than Other Disclosures. Some categories of General Security Incidents are ratings-impacting, while others are informational only and do not impact the rating.

Incident types:

Account Takeover (Employee)

An attacker gains unauthorized access into a service through the use of employee's account credentials.

Account Takeover (User)

An attacker gains unauthorized access into a service through the use of a user’s account credentials.

DNS Incident[1]

A DNS security incident for which there is an associated public disclosure. Then organization lost control or never had control of one of its associated assets, as defined by DNS records. Learn more about the distinction between DNS incidents and findings.

Human Error

An incident involving unintentional actions that directly compromise a sensitive asset.

Internal Incident

An incident discovered by the company in question and remediated with no apparent compromise.

Lost/Stolen Asset

An incident where an information asset went missing, whether through misplacement or malice.

Lost/Stolen Asset (Encrypted)

An incident where an encrypted asset went missing, whether through misplacement or malice, with no evidence of encryption compromise.

Other Incident

A security incident that does not fall into one of the other categories.

Point of Sale (PoS)

Remote attacks against the environments where retail transactions are conducted, specifically where purchases are made.

Privilege Abuse

An unapproved or malicious use of organizational resources beyond what is authorized.

Unknown

A security incident where certain classification details pertaining to the event are unknown.

Unsecured Database

A database is left unsecured due to error and the data is accessible by third parties.

Resources

  1. Hackerone, “A Guide to Subdomain Takeovers”
  2. The Register, “DNS entries left pointing to Azure-hosted server names snatched by miscreants for mischief”
  • June 6, 2025: Added more context on multiparty incidents.
  • October 1, 2024: Separated DNS incidents and DNS findings.
  • November 23, 2020: Added resources for DNS incidents.
Was this article helpful?
7 out of 13 found this helpful
Return to top

Related articles

Feedback

0 comments

Please sign in to leave a comment.