Phishing, hacking, malware drive cyber security breaches

Phishing, hacking and malware accounted for 43% of cyber security incidents in 2016, says law firm Baker& Hosteller L.L.P. in an analysis of the more than 450 incidents the Cleveland-based law firm worked on in 2016.

The 43% represents a 12-percentage-point jump from the report the law firm issued last year.

Other results of the BakerHostetler 2017 Data Security Incident Report, issued Wednesday, were: Employee action/mistakes accounted for 32% of all incidents; lost or stolen devices or records, 18%; ransomware, 10%; other criminal acts, 4%; and internal theft, 3%.

The report said the incident response timeline on average was: 61 days from occurrence to discovery; eight days from discovery to containment; 40 days to engagement of a forensics firm until the investigation’s completion; and 41 days from discovery to notification.

The biggest percentage of industries affected were health care, at 35%, followed by finance and insurance, 16%; education, 14%; retail/restaurant/hospitality, 13%; “other,” 9%; business and professional services, 6%; and government, 5%.

The average total cost of forensic investigations in 2016 was $62,290 per incident, with the 20 most costly investigations averaging $237,602.

A total of 257 notifications resulted in nine lawsuits filed, according to the report.