Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

As Cyberattacks Rise, U.S. Business Readiness Falls

Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled from a survey of more than 1,000 U.S. cybersecurity professionals at private companies and public-sector entities with 50 to 1,000+ employees, found that 53% of firms reported at least one cyberattack – up from 38% in 2018. Interestingly, only 11% of U.S. firms qualified as experts based on their cybersecurity preparedness and responses – down from 26% in last year’s survey; 16% of firms ranked as intermediate, and the remaining 73% ranked as novice. These statistics reflect a continuing need for public- and private-sector emphasis on cybersecurity preparedness and incident response.

The Verizon Data Breach Investigations Report (May 8, 2019) analyzed 41,686 cybersecurity incidents, of which 2,103 were confirmed breaches. Of the confirmed breaches, 16% were in the public sector, 15% in health care, and 10% in the financial services and insurance industry. Approximately 43% of the victims were small businesses. The report confirmed that the majority of breaches (69%) were perpetrated by outsiders, whereas a minority (34%) involved internal actors. Twenty-three percent of actors were nation-states or nation-state affiliated; this percentage was highest in the public sector, where cyber espionage accounted for 42% of breaches reported in 2018 (up from 25% in 2017).

Per the 2019 Verizon Report, email remains a popular point of entry for cyberattacks. Compromise of cloud-based email servers accounted for 60% of hacking-related breaches, and the median company received more than 90% of detected malware by email. Mobile devices remain the most vulnerable to hacking, partially due to their smaller, simplified display and the fact that they are often used when people are distracted or multitasking.

In a bit of good news, phishing click-through rates reported from testing exercises are now down to 3% (compared with nearly 25% in 2012). Click rates were highest in education (4.9%), where human error accounted for the largest number of breaches, and lowest in retail (1.3%). Retailers experienced a continued decline in point-of-sale and card-skimming breaches (in part due to the implementation of microchip payment cards, which are more secure than their swipe-and-use predecessors); now, card data is increasingly stolen through web-based e-commerce applications. The financial services and insurance industry was most threatened by web-based email attacks using phishing and social engineering designed to harvest personally identifiable information (as opposed to payment card data).

Awaiting Answers

Will the California Consumer Privacy Act (CCPA) – which provides a private right of action and statutory damages of up to $750 per violation for California consumers whose personal information is stolen in a data breach – prompt U.S. companies to strengthen their cyber readiness? Will President Trump’s May 15, 2019 Executive Order on Securing the Information and Communications Technology and Services Supply Chain: Infrastructure & Technology – declaring a national emergency to combat nation-state-affiliated cyberattacks and cyber espionage – be effective in combatting the increasing threat of cyberattacks by nation states and their affiliates?

Stay tuned to DBR on Data for more developments.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

May 20, 2019
Written by: Discerning Data Editorial Board
Category: Cybersecurity, Privacy
Tags: California Consumer Privacy Act, CCPA, cybersecurity, data privacy, Data Protection, data security

©2023 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.
