What's the difference between a security incident and a data breach?
A security incident is any event that threatens the confidentiality, integrity, or availability of your systems or data, such as a phishing click, a ransomware deployment, or an unauthorized access attempt. Not all incidents become breaches.
A data breach, under Arizona law (ARS § 18-552), is a security incident in which personal information was accessed without authorization. Breaches trigger specific legal obligations: notification to affected individuals within 45 days, and notification to the Arizona AG if 500+ residents are affected. Security incidents don't automatically trigger notification, but you need forensics to determine whether a breach occurred, which is why incident response capability matters.