Login Register Subscribe
Current Issue

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Phishing, hacking, malware drive cyber security breaches

Reprints

Phishing, hacking and malware accounted for 43% of cyber security incidents in 2016, says law firm Baker& Hosteller L.L.P. in an analysis of the more than 450 incidents the Cleveland-based law firm worked on in 2016.

The 43% represents a 12-percentage-point jump from the report the law firm issued last year.

Other results of the BakerHostetler 2017 Data Security Incident Report, issued Wednesday, were: Employee action/mistakes accounted for 32% of all incidents; lost or stolen devices or records, 18%; ransomware, 10%; other criminal acts, 4%; and internal theft, 3%.

The report said the incident response timeline on average was: 61 days from occurrence to discovery; eight days from discovery to containment; 40 days to engagement of a forensics firm until the investigation’s completion; and 41 days from discovery to notification.

The biggest percentage of industries affected were health care, at 35%, followed by finance and insurance, 16%; education, 14%; retail/restaurant/hospitality, 13%; “other,” 9%; business and professional services, 6%; and government, 5%.

The average total cost of forensic investigations in 2016 was $62,290 per incident, with the 20 most costly investigations averaging $237,602.

A total of 257 notifications resulted in nine lawsuits filed, according to the report.