Ideally you would already have classified your data and be aligned with a cybersecurity or compliance framework to be able to effectively classify the severity level of various types of incidents.  This quick reference model can help with communication and next steps for incidents.

High Level Incidents – Exposure (or possible exposure) of personally identifiable information (PII), payment card information (PCI), protected health information (PHI), Controlled Unclassified Information (CUI), classified information, or other data that could lead to critical losses if disclosed or corrupted.  Examples of “other data” could include client data, pricing models, secret recipes and so on.

Medium Level Incidents – Exposure (or possible exposure) of Confidential information that if lost or disclosed could result in a significant loss to the organization.  Examples of confidential data could be business proposals, customer lists, HR files, student behavior reports, staff compensation, and financial reports.

Low Level Incidents – An incident in which no data is exposed or possibly exposed or the only data exposed or possibly exposed is publicly available or of no value.  Examples would be email address lists, training materials (if not confidential), press releases, class schedules.

Classifying an incident properly can help with determining who needs to be notified and what other steps to follow in your incident response playbookThird party breach response resources can also be engaged to help you/your customers to correctly classify and respond to an incident as failure to do this step right can result in increased exposure for damages.