Glossary
Plain-language definitions of SEO terms used across the blog.
- Business email compromise (BEC): A fraud that uses a hijacked or spoofed email account to trick someone into wiring money or changing payment details. No malware required.
- Business interruption: The revenue and productivity lost while you are down or degraded after a cyber incident. Often the largest single cost, and the worst estimated.
- Cyber insurance: A policy that transfers part of your cyber risk, covering incident response, business interruption, data restoration and third-party liability.
- Data breach: An incident where confidential data is accessed or stolen by an unauthorized party, triggering forensics, legal and notification obligations.
- Double extortion: A ransomware tactic that steals data before encrypting it, so the attacker can threaten to leak it even if you restore from backup.
- Expected annual loss (ALE): The sum, over every incident scenario, of its annual probability times its cost. The number underneath every cyber insurance quote.
- GDPR (data breach fines): The EU regulation that requires breach notification and allows fines up to 4% of global turnover. The ceiling, not the expectation.
- Immutable backup: A backup that cannot be altered or deleted for a set period, so ransomware cannot encrypt or wipe it along with everything else.
- Multi-factor authentication (MFA): Requiring a second proof of identity beyond a password. The single highest-return security control for an SME.
- Ransomware: Malware that encrypts your systems and demands payment for the decryption key, now almost always paired with data theft.
- Recovery time objective (RTO): The target time to restore a system after an incident. On paper for most companies; fiction during a real one.