Many entities face the same types of security incidents. Some are viewed as handling the incident well; for others, it’s a disruptive and costly lesson. The ones that fare better have prepared for an incident and use lessons learned from prior incidents. Recognizing that entities need a source of reliable information on what actually happens during an incident, the BakerHostetler Privacy and Data Protection team published the 2018 edition of its “Data Security Incident Response Report.” The 2018 Report contains statistics and insights based on more than 560 data security incidents managed by the firm in 2017. The Report provides practical measures entities can use to prioritize risk-management goals and be better prepared to respond to an incident when it happens. The Report calls this using Compromise Response Intelligence to be Compromise Ready.
As noted in previous years, the Report emphasizes that entities need to be “Compromise Ready” by setting up defenses to lessen the number of incidents and having systems in place to respond—being cyber resilient—in order to reduce the risk of attacks and lessen their severity when they do occur.
The Report shows that phishing remained the leading cause of incidents at 34%, followed by network intrusions at 19%, inadvertent disclosure (such as an employee mistake) at 17%, and stolen or lost devices/records at 11%. A new category this year is system misconfiguration, which was responsible for 6% of incidents. It reflects instances where unauthorized individuals gain access to data stored in the cloud because permissions were set to “public” instead of “private.”
Other interesting trends/numbers from this year’s analysis include:
- Ransomware was involved in 18% of the phishing incidents and 38% of the network intrusion incidents.
- Size doesn’t matter regarding the likelihood of being breached. The incidents covered by the Report were spread fairly evenly across entities with revenues between $10 million and $100 million, $100 million and $500 million, $500 million and $1 billion, and $1 billion and $5 billion, with mere percentage points separating those categories.
- 65% of breaches that the firm worked on were detected internally.
- What data is at risk? Incidents included in the 2017 survey involved the following types of data: Social Security numbers (46%), healthcare information (39%), all other confidential information, such as student ID numbers, usernames, and passwords (26%), birth dates (24%), financial data (15%), payment card industry data (12%), and driver’s license information (10%).
- Average size of notification and industry most affected. While the average number of individuals notified per incident was 87,952, the hospitality industry again had the highest average number of notifications per incident at 627,723.