This metric tracks the number of data breaches that occurred in the last calendar year.
SASB defines a data breach as “the unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.”
SASB specifies that the “scope of disclosure is limited to data breaches that resulted in a deviation from the entity’s expected outcomes for confidentiality and/or integrity.”
SASB further notes that the organization “may delay disclosure if a law enforcement agency has determined that notification impedes a criminal investigation or until the law enforcement agency determines that such notification does not compromise the investigation.”