What should organizations do with a loss event rated as "seriousness unknown"?

When faced with a loss event rated as "seriousness unknown," the most appropriate action is to replace it with a provisional rating. This approach provides a more flexible framework for dealing with the uncertainties surrounding the event. A provisional rating allows organizations to assign a temporary classification while they gather more information and insights about the event's potential impact.

By opting for a provisional rating, organizations can avoid making premature conclusions or decisions that could affect their security posture adversely. It also emphasizes the need for ongoing assessment and review until enough data is available to classify the seriousness of the event more definitively. This mindset fosters an adaptive risk management process where organizations focus on clarifying unknowns and systematically working towards a better understanding of the risks they face.

In contrast, establishing a loss event as a permanent rating or identifying it for further analysis could limit an organization's ability to respond dynamically, as it might lead to stagnation in assessing the seriousness of the threat. While determining if it needs urgent attention is also a valid consideration, the immediate next step with an unknown seriousness should focus on gaining clarity by providing a provisional rating that encourages further investigation.