←GO BACK TO METRICS

Number of Data Breaches

REFERENCE
S3.1.1
CATEGORY
Data Security
METRIC
Number of Data Breaches
UNIT
Number

Definition

This metric tracks the number of data breaches that occurred in the last calendar year.

Expanded Definition

SASB defines a data breach as “the unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.”

SASB specifies that the “scope of disclosure is limited to data breaches that resulted in a deviation from the entity’s expected outcomes for confidentiality and/or integrity.”

SASB further notes that the organization “may delay disclosure if a law enforcement agency has determined that notification impedes a criminal investigation or until the law enforcement agency determines that such notification does not compromise the investigation.”