Security incidents can be triggered by a single event or a chain of unfortunate circumstances.
They can result in the confidentiality, integrity, or availability of information and IT systems
being compromised. This will then quickly have an adverse effect on essential specialised tasks
and business processes in the organisation affected. Even if most security incidents do not
become public, they may still have a negative impact on the organisation’s relationships with
business partners and customers. Such incidents can also result in legal violations. The most
serious and far-reaching security incidents are not triggered by the most serious security vulnerabilities. In many cases, a chain reaction of minor factors leads to the most extensive
damage.