Security Breach vs. Data Breach

While many people use the terms interchangeably, “security breach” and “data breach” have specific meanings. A security breach involves access to systems or devices, while a data breach is specifically about data. The two will commonly (but not always) occur in the same incident. You should address both in your overall security policy. The distinction between the two is most important in an insurance or regulatory context. Let’s break down a security breach vs. data breach.

Part of the confusion with the terms is that “security breach” is often used interchangeably with “security incident.” A security incident is any event where your security procedures and policies aren’t followed or are violated. A security breach specifically involves access. For example, if you leave a work laptop in a bar, it’s a security incident. However, it’s only a security breach if somebody in the bar then opens up the laptop and starts using it.

A security breach is any time somebody gains unauthorized access to a device, network, website, server, or other IT asset. This could be remote access, for example, through an online attack, malware, or a successful bypass of password protection. It could be physical access, for example, through a burglary or theft.

A data breach specifically involves unauthorized access to data such as computer files and documents. While precise definitions vary, data breaches usually also cover unauthorized alteration or destruction of data. For example, somebody remotely wiping your database would be a data breach even if the attacker didn’t read any of the records.

The definition of data breach usually distinguishes between the computer files themselves and the information they contain. That’s important as it takes account of measures such as encryption. For example, you might have a security breach where an attacker was able to access files on your server but was unable to open them in unencrypted form. Most people would not consider that a data breach, as the information itself wasn’t accessed or compromised.

To recap, a data breach is a specific type of security breach. In turn, a security breach is a possible (but not inevitable) outcome of a security incident. In most situations, you should worry less about the precise definitions and more about having a robust and wide-ranging security policy that reduces the risk of any incident or breach.

One situation where the definitions really do matter is with data protection laws. Many jurisdictions require you to notify regulatory authorities about a data breach. You may also need to tell the people the data was about, the media, or both. Such laws usually have specific definitions of what qualifies as a data breach. What you have to do may depend on whether the data was protected by encryption.

Definitions could also be important with specialist cybersecurity insurance policies. You will need to check exactly which incidents and breaches the policy covers, along with any requirements you must follow to protect data.

