A security incident is any event that compromises or threatens the confidentiality, integrity or availability of information or information systems. Incidents range from malware infections and unauthorised access attempts to data breaches and denial-of-service attacks. Timely identification and classification of incidents is essential for triggering an appropriate response and meeting regulatory notification obligations.
Organisations should maintain a documented incident response plan that defines roles, communication channels, escalation procedures and evidence preservation requirements. Under the GDPR, certain incidents involving personal data must be reported to the supervisory authority within 72 hours and, where there is a high risk to individuals, to the affected data subjects without undue delay.