Tapping into a topic of great interest to all organization types, sizes, and industries, Audit Analytics’ third annual “Trends in Cybersecurity Breaches” captures a decade of data on cyber breaches based on public company disclosures.
Noteworthy takeaways for 2020 include:
- 117 breaches were disclosed in 2020, down from 144 in 2019.
- Just 10% of disclosures did not specify the type of attack that caused the breach. Malware and unauthorized access were most commonly involved, as depicted here:
- Personal information was the most commonly compromised information as a result of the breach, with names, addresses, and social security numbers topping the list at 53%, 29%, and 28%, respectively.
- Timing of disclosure averaged 53 days (37 days median) after discovery of a breach. The timeframe to discover a breach averaged 44 days (16 days at the median).
- Breaches were most commonly addressed in the SEC filing’s Risk Factors section, followed by the footnotes to financials, and the MD&A.
- The Technology, Communication Services, Consumer Cyclical, and Healthcare sectors accounted for 67% of disclosed breaches.
See Audit Analytics’ post and additional information & resources on our Cybersecurity/Data Privacy page.
This post first appeared in the weekly Society Alert!