Last updated: August 12, 2025
 

A cybersecurity incident is a confirmed event that compromises, or threatens to compromise, the core principles of information security:​

• Confidentiality (unauthorized access to data)

• Integrity (unauthorized modification of data or systems)

• Availability (service interruption or degradation)
   

Be sure to clearly distinguish between a security event and a security incident.
 

Difference Between a Security Event and a Security Incident
 

Security Event
Any detected activity that may be relevant to security but with no confirmed real impact.
Example: a failed login attempt, an antivirus alert.
 

Security Incident
A confirmed event, or series of events, that negatively affects security.
Example: data theft, active ransomware, successful intrusion.
 

In short:

• A security event is potentially suspicious.

• A security incident is confirmed to be harmful.
   

When in doubt, always report all information in as much detail as possible.