When assessing the impact of a cyber incident, which factor is typically evaluated to determine the extent of data exposure and potential harm to the organization?
Sensitivity of the compromised data
Number of users affected
Type of attack vector used
Duration of the attack