Tapping into a topic of great interest to all organization types, sizes, and industries, Audit Analytics’ annual “Trends in Cybersecurity Breach Disclosures” captures a decade of data on cyber breaches based on public company disclosures.
Noteworthy takeaways for 2021 include:
- Of the 188 cybersecurity breaches disclosed in 2021, 43% were disclosed in SEC filings – most commonly in the Risk Factors section. Non-SEC disclosure channels include press coverage and state AG offices.
- Nearly 88% of disclosures specified the type of attack that caused the breach. Unauthorized access was the main contributor by a wide margin at about 41%, followed by ransomware attacks at 24%.
- More than 91% of disclosures specified the type of information compromised by the breach. Personal information was the most commonly compromised information as a result of a breach (45%), with names, social security numbers, and addresses topping the list at 51%, 34%, and 28%, respectively.
- Timing of disclosure averaged nearly 80 days after discovery of a breach, with a median of 56 days. The timeframe to discover a breach averaged 42 days (17 days at the median).
Access additional information & resources on our Cybersecurity/Data Privacy page.
This post first appeared in the weekly Society Alert!