BakerHostetler Launches 2023 Data Security Incident Response Report

Washington — April 27, 2023

Key takeaways

  • BakerHostetler’s ninth annual security incident response report (based on data from over 1,160 security incidents from the prior year) contains data breach statistics and insights about key issues across the life cycle of data and technology.
  • The number of incidents across industries was almost identical in 2022 and 2021 (usually there are changes as threat actors find a new industry to target for a specific reason).
  • There were fewer ransomware incidents for most of 2022 (compared to 2021) until an end-of-the-year surge. The surge resulted in a moderate increase in the average amount of initial ransom demands, the amount of a ransom actually paid and the length of time to recover from a ransomware attack. Recovery times increased last year for most industries.
  • Network intrusions remained the most common type of incident, accounting for nearly half of the matters tracked in the report. On a positive note, companies are getting quicker at identifying — and containing — such incidents.
  • Fraudulent fund transfers, which were prevalent in 2021, saw a decrease in number, total transfer amount ($27 million) and average transfer amount ($294,137) in 2022. However, the rate of success in recovering funds dropped from 42% in 2021 to 24% in 2022.
  • Forensic investigation costs increased by 20% on average last year, not including business interruption costs, data review and notice costs, and indemnity claims.
  • The attacker-defender struggle continued. Organizations implemented enhanced security measures and attackers evolved by using techniques such as MFA bombing, social engineering, EDR-evading malware and SEO poisoning.
  • Litigation related to data breaches was more frequent, and lawsuits are being filed in matters affecting fewer individuals.
  • Lawsuits based on privacy statutes continued to grow.

Why this matters

Now in its ninth year, the Data Security Incident Response Report features statistics and insights from 1,160+ incidents that BakerHostetler’s Digital Assets and Data Management Practice Group helped clients manage in 2022. The unique report includes data aggregated from security incidents as well as insights from BakerHostetler’s full suite of advisory services for clients across the entire data and technology life cycle.

Key findings from the report are summarized on the inside cover and discussed in depth throughout. A dashboard-style “At a Glance” section provides data points on nine key incident response trends. These key areas are also covered in depth through annually recurring sections — industries affected, incident response life cycle timelines, forensics, regulatory investigations, litigation trends, privacy and ransomware. The statistics provide context companies can use to benchmark and prioritize where to make changes to enhance their cybersecurity posture. There are also “Take Action” items that convey the most common recommendations for improvements.

The 2023 DSIR Report includes full sections on website tracking technology; issues faced by educational institutions, tribal organizations and health care institutions; actions by the Securities and Exchange Commission; international data protection developments; and updates on employee issues, Federal Trade Commission rulemaking and enforcement, information governance, advertising issues, state data collection laws, digital assets, and tech transactions.