Incident severity helps a team decide how quickly to respond, who should be involved, and which communications or legal steps may be required.
Severity should consider:
- Business impact
- Affected systems
- Data exposure
- Customer impact
- Attacker activity
- Legal or regulatory obligations
The initial severity can change as the facts improve. The important point is that the team uses a consistent decision path.
Related page: IncidentAI.