Incident
Definition
A security incident is an event that puts an organization’s systems, data, or people at risk. It means that something harmful has happened or is actively underway, not just a warning or suspicion. An incident can involve a cyber attack from an outside threat actor or a mistake inside the organization that leads to exposure or disruption.

In cybersecurity, defenders constantly receive alerts from monitoring tools. Many alerts turn out to be harmless. An event becomes an incident when there is evidence that the confidentiality, integrity, or availability of systems or data may be compromised.

Common types of incidents include:

* **Unauthorized access**: someone logs in using stolen or guessed credentials
* **Malware infection**: harmful software is found running on a system
* **Data exposure**: sensitive information is viewed or taken by the wrong person
* **Service disruption**: systems are slowed down or stopped by an attack
* **Lateral movement**: an attacker already inside the network attempts to spread

**Example scenario**

A user reports that files are suddenly encrypted, and a ransom note appears on their screen. Logs show a suspicious remote login just before the encryption started. This is clearly a security incident because an attacker has taken control of part of the system and is demanding payment.

**How incidents are handled**

Organizations follow a structured Incident Response process that usually includes:

1. **Detection**: noticing that something unusual or harmful is happening
2. **Analysis**: determining what happened and how far it spread
3. **Containment**: stopping the attack from spreading further
4. **Eradication**: removing the attacker or malware
5. **Recovery**: restoring normal operations safely
6. **Lessons learned**: improving defenses to prevent a repeat

**Why this matters**

Incidents cost money, damage trust, and disrupt business operations. Responding correctly and quickly reduces the harm. Cybersecurity teams train to identify and act on incidents so organizations can stay safe and operational.
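The distinction above between an event (a single alert, often harmless) and an incident (evidence that confidentiality, integrity, or availability is compromised) is usually enforced in practice by correlation logic. The following is an added example, not code from this glossary or its site: it parses a few constructed, syslog-style log lines and escalates to an incident only when a successful remote login is followed on the same host by a burst of files renamed to `.locked` within a short window, which is the ransomware scenario described in the definition. The log format, field names, the `.locked` extension, the burst threshold and the five-minute window are all assumptions chosen for illustration; the incident record also carries the response phase so it can be walked through the six steps listed under "How incidents are handled".

```python
"""
Escalating monitored events to a security incident (added example).

Constructed log lines are parsed and correlated so that a successful remote
login followed by a burst of file-encryption writes on the same host becomes
one incident with its evidence and CIA impact recorded. Field names, the
".locked" extension, thresholds and the window are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log lines (assumed key=value format; not real telemetry).
SAMPLE_LOGS = """\
2024-05-01T09:58:02Z host=ws-17 event=remote_login user=jdoe src=203.0.113.45 result=success
2024-05-01T09:58:40Z host=ws-17 event=file_write path=C:/Users/jdoe/report.docx.locked
2024-05-01T09:58:41Z host=ws-17 event=file_write path=C:/Users/jdoe/budget.xlsx.locked
2024-05-01T09:58:43Z host=ws-17 event=file_write path=C:/Users/jdoe/notes.txt.locked
2024-05-01T09:58:44Z host=ws-17 event=file_write path=C:/Users/jdoe/README_RESTORE.txt
2024-05-01T10:03:00Z host=ws-22 event=remote_login user=asmith src=198.51.100.7 result=success
2024-05-01T10:10:12Z host=ws-22 event=file_write path=C:/Users/asmith/q2.pptx
"""

# Phases from the glossary's Incident Response process, in order.
IR_PHASES = ["Detection", "Analysis", "Containment",
             "Eradication", "Recovery", "Lessons learned"]

ENCRYPT_BURST = 3            # .locked writes needed before escalating (assumption)
WINDOW = timedelta(minutes=5)  # how long after the login we look (assumption)


@dataclass
class Event:
    ts: datetime
    host: str
    fields: dict


@dataclass
class Incident:
    host: str
    opened_at: datetime
    indicators: list = field(default_factory=list)   # the evidence that justified escalation
    impact: set = field(default_factory=set)         # subset of the CIA triad
    phase: str = IR_PHASES[0]


def parse_log(text: str) -> list[Event]:
    """Parse 'timestamp key=value ...' lines into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *pairs = line.split()
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(p.split("=", 1) for p in pairs)
        events.append(Event(ts, fields.pop("host"), fields))
    return events


def correlate(events: list[Event]) -> list[Incident]:
    """Escalate to an incident only when the evidence threshold is met."""
    by_host: dict[str, list[Event]] = {}
    for e in events:
        by_host.setdefault(e.host, []).append(e)

    incidents = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        for i, login in enumerate(evs):
            if login.fields.get("event") != "remote_login" \
                    or login.fields.get("result") != "success":
                continue
            window_end = login.ts + WINDOW
            later = [e for e in evs[i + 1:]
                     if e.ts <= window_end and e.fields.get("event") == "file_write"]
            locked = [e for e in later if e.fields.get("path", "").endswith(".locked")]
            notes = [e for e in later if "RESTORE" in e.fields.get("path", "").upper()]
            if len(locked) < ENCRYPT_BURST:
                continue  # a login on its own is an event, not an incident
            inc = Incident(host=host, opened_at=login.ts)
            inc.indicators.append(
                f"remote login by {login.fields.get('user')} from {login.fields.get('src')}")
            inc.indicators.append(f"{len(locked)} files renamed to .locked within {WINDOW}")
            inc.impact.update({"integrity", "availability"})  # data altered, work stopped
            if notes:
                inc.indicators.append(f"ransom note dropped: {notes[0].fields['path']}")
            incidents.append(inc)
            break  # one incident per host per run
    return incidents


def advance(inc: Incident) -> str:
    """Move the incident to the next phase of the response process."""
    idx = IR_PHASES.index(inc.phase)
    if idx + 1 < len(IR_PHASES):
        inc.phase = IR_PHASES[idx + 1]
    return inc.phase


if __name__ == "__main__":
    for inc in correlate(parse_log(SAMPLE_LOGS)):
        print(f"INCIDENT on {inc.host} at {inc.opened_at} phase={inc.phase}")
        for ind in inc.indicators:
            print("  evidence:", ind)
        print("  impact:", ", ".join(sorted(inc.impact)))
```

Running it declares one incident for `ws-17` (login, three `.locked` writes, a ransom-note file) and none for `ws-22`, whose login is followed only by ordinary file activity; that second host illustrates the "many alerts turn out to be harmless" point, since the login alone never crosses the evidence threshold.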