Why aren’t we calling this a breach?

Because a ransomware incident is not automatically a legally defined data breach.

The term “breach” carries specific legal, regulatory and contractual implications. In many jurisdictions, breach notification obligations are triggered only after it is confirmed that protected or personal information was accessed or acquired.

During a ransomware investigation, that determination often takes time. Using the term prematurely can create unnecessary regulatory exposure, trigger contractual obligations, and create confusion among employees and clients.

Effective crisis communications requires precision. The language used in the first 24–72 hours should reflect what is known, not assumptions about what may ultimately be confirmed.

Careful wording protects both credibility and legal posture.

Dave Smolensky2026-02-24T21:02:07+00:00

Resolute Strategic Services is a crisis communications firm that helps organizations prepare for, test and respond to high-impact incidents. Resolute develops actionable crisis communications and cyber incident response plans, pressure-tests teams through realistic tabletop exercises and provides real-time support during events such as cyber incidents, operational disruptions, leadership crises and reputational threats, when every second counts.

27 N. Wacker Drive
Suite 403
Chicago, Illinois 60606
312-673-1301

Share This Story, Choose Your Platform!