Ideally, you would already have classified your data and be aligned with a cybersecurity or compliance framework to be able to effectively classify the severity level of a cyber incident. This quick reference model can help with communication and the next steps for incidents.
High-Level Cyber Incidents — Exposure (or possible exposure) of personally identifiable information (PII), payment card information (PCI), protected health information (PHI), Controlled Unclassified Information (CUI), classified information, or other data that could lead to critical losses if disclosed or corrupted. Examples of “other data” could include client data, pricing models, secret recipes, and so on.
Medium-Level Cyber Incidents — Exposure (or possible exposure) of Confidential information that could result in a significant loss to the organization if lost or disclosed. Examples of confidential data could be business proposals, customer lists, HR files, student behavior reports, staff compensation, and financial reports.
Low-Level Cyber Incidents — An incident in which no data is exposed or possibly exposed or the only data exposed or possibly exposed is publicly available or of no value. Examples would be email address lists, training materials (if not confidential), press releases, and class schedules.
Classifying an incident properly can help with determining who needs to be notified and what other steps to follow in your incident response playbook. Third-party breach response resources can also be engaged to help you/your customers to correctly classify and respond to an incident as failure to do this step right can result in increased exposure for damages.