According to the article, they define an incident as...
a failure in electronic communications that leads to a loss of confidentiality, integrity, or availability.
So an operator or programmer error making privileged information available is an incident.
Someone trying to brute force their way into an FTP server and reaching the connection limit is a denial of service, and therefore also an "incident".
I've used it both ways, depending on the context. I break it down to "tries" and "got in".
"Tries" justifies the budget for IT security. "There were 100 billion attempts to break into the network".
"Got in" is what they should mean. That should be zero. The zero number unfortunately means that the budget can be reduced, because no one can break in.
I generally ignore it when people talk about the attempts. Hell, any of us can fire up nmap, and make a whole bunch of attempts with virtually no effort. If you have public servers and they don't have at least some sort of attempt, you forgot to plug in the network cable. :)