Companies Hit With Data Breach Lawsuits
The law firm Baker Hostetler published its 2023 Data Security Incident Response Report. It is based on more than 1,100 cybersecurity incidents investigated by them last year.
Here are some of the statistics they published:
- 45 percent of the incidents were network intrusions
- 30% were business email compromise attacks and
- 12% were inadvertent data disclosures
The most common actions after initial access were:
- Ransomware – 28%
- Data theft – 24%
- Email access – 21%
- and malware installation – 13%
While a blockchain data analysis company said that the total amount of ransom paid in 2022 ($457 million) was down from 2021 ($766 million), those numbers don’t tell the whole story.
Baker Hostetler says that ransom payments were up this year; the largest demand was more than $90 million compared to the largest last year ($60 million) while the largest payment they saw this year was more than $8 million, up from $5.5 million last year.
The average ransom was up a little bit – $600k, up from $511k last year.
The cost of forensics for the 20 largest investigations was up 24% this year compared to last year while the average forensics cost was $58,000.
Lawsuits are also up – from 4 lawsuits out of 394 incidents in 2018 to 42 lawsuits out of 494 incidents last year.
The firm also says that privacy-related class actions are up; they are aware of more than 50 since August of last year just against hospital systems. They say their firm, alone, is currently defending more than 200 lawsuits.
The bottom line here – if you get breached it is going to be messy and expensive.
If you need help reducing that risk, please contact us.
Credit: Security Week