What are Cyber Incidents?
A cyber incident is an event in which the availability, integrity or confidentiality of information or information systems has been compromised, typically through malicious digital activity or human error.
Cyber incidents can lead to data breaches, process disruption, equipment damage or even hazardous situations in an industrial environment.
🎯 Examples of cyber incidents
| Category | Examples |
|---|---|
| Malware | Infection by ransomware, spyware or viruses |
| Network incidents | Unauthorised access via vulnerabilities or poorly secured VPN connections |
| Social Engineering | Phishing or fake helpdesk requests leading to system access |
| Misconfiguration | Unprotected open ports, weak passwords, incorrect firewall rules |
| DDoS attacks | Overloading systems or networks by external parties |
| OT-specific | Manipulation of SCADA, PLCs or sabotage of production lines |
🧯 When is something a cyber incident?
An event is typically classified as an incident when:
- An attack or fault has impact on operations or safety
- There is data loss or a data breach
- A law or standard (such as NIS2, ISO 27001 or BIO) requires action
- It must be reported to a supervisory body, such as the NCSC or a CSIRT
🔁 Cyber incident vs. vulnerability
| Vulnerability | Cyber incident |
|---|---|
| A potential weakness | An actual event or attack |
| Can be discovered via Vulnerability Management | Must be detected, reported and analysed |
| Preventive | Reactive (but often leads to preventive actions) |
🔐 What to do during a cyber incident?
- Detection through SIEM or monitoring tools
- Assessment of impact and classification
- Containment to limit damage
- Reporting to relevant authorities (e.g. within 24 hours under NIS2)
- Recovery of systems (via the Disaster Recovery and Business Continuity plans)
- Evaluation and learning through root cause analysis and adjustments
🏭 Specifically in OT environments
- Manipulation of setpoints in PLCs
- Disruption of SCADA connections or sensor data
- Production downtime due to ransomware in a factory
- Data theft from a Historian or Remote Access entry point
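The response steps above (detection, assessment, containment, reporting) applied to the first OT example, manipulation of PLC setpoints, as an added illustration that is not part of the original page. The log format, the allowlisted engineering workstation address, the setpoint tags and their safe operating bands are all constructed assumptions; the 24-hour window is the NIS2 early-warning deadline the page cites.

```python
from datetime import datetime, timedelta
import re

# Assumed (constructed) PLC write-audit log format, one record per line:
# "<iso-time> src=<ip> plc=<name> op=<read|write> tag=<tag> value=<number>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) plc=(?P<plc>\S+) op=(?P<op>\w+) "
    r"tag=(?P<tag>\S+) value=(?P<value>[-\d.]+)$"
)

# Assumptions: only the engineering workstation may write setpoints, and each
# setpoint has a safe operating band agreed with the process engineers.
ALLOWED_WRITERS = {"10.0.5.10"}
SETPOINT_LIMITS = {"Reactor1.TempSP": (20.0, 90.0), "Line3.SpeedSP": (0.0, 120.0)}
EARLY_WARNING = timedelta(hours=24)  # NIS2 early-warning window from the page

def detect_setpoint_tampering(lines):
    """Detection step: flag setpoint writes from unexpected hosts or outside the safe band."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m or m["op"] != "write" or m["tag"] not in SETPOINT_LIMITS:
            continue  # reads and non-setpoint tags are not of interest here
        value = float(m["value"])
        lo, hi = SETPOINT_LIMITS[m["tag"]]
        reasons = []
        if m["src"] not in ALLOWED_WRITERS:
            reasons.append("write from non-engineering host")
        if not lo <= value <= hi:
            reasons.append("value outside safe operating band")
        if reasons:
            findings.append({"time": datetime.fromisoformat(m["ts"]), "plc": m["plc"],
                             "tag": m["tag"], "src": m["src"], "value": value,
                             "reasons": reasons})
    return findings

def triage(findings):
    """Assessment step: a tampered safety-relevant setpoint has operational/safety
    impact, so it is an incident, and the reporting clock starts at first detection."""
    if not findings:
        return {"classification": "event", "early_warning_due": None}
    detected_at = min(f["time"] for f in findings)
    return {"classification": "incident", "reason": "impact on operations or safety",
            "detected_at": detected_at, "early_warning_due": detected_at + EARLY_WARNING}

# Constructed sample log: one legitimate write, one read, and one suspicious write.
SAMPLE_LOG = [
    "2024-03-04T08:00:00+00:00 src=10.0.5.10 plc=Reactor1 op=read tag=Reactor1.TempSP value=65.0",
    "2024-03-04T08:05:00+00:00 src=10.0.5.10 plc=Reactor1 op=write tag=Reactor1.TempSP value=70.0",
    "2024-03-04T08:17:30+00:00 src=10.0.9.77 plc=Reactor1 op=write tag=Reactor1.TempSP value=140.0",
    "2024-03-04T08:18:00+00:00 src=10.0.5.10 plc=Line3 op=write tag=Line3.SpeedSP value=95.0",
]
```

Running `triage(detect_setpoint_tampering(SAMPLE_LOG))` classifies the third record as an incident and puts the early-warning deadline 24 hours after its timestamp; containment (blocking the writing host, restoring the setpoint) and the report to the supervisory body follow from there.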
📌 In summary
A cyber incident is a security event that threatens the continuity, reliability or safety of IT or OT systems. A rapid, coordinated response is essential to limit damage and meet notification requirements under NIS2 or ISO 27001.
