Tapping into a topic of great interest to all organization types, sizes, and industries, Ideagen Audit Analytics’ annual cybersecurity incident disclosures report captures more than a decade of data on cyber breaches based on public company disclosures.
Noteworthy takeaways for 2023 include:
- Of the 196 cybersecurity breaches disclosed in 2023 (a 5-year high) by 171 public companies (of more than 7,000 SEC registrants total), 29% were initially disclosed in SEC filings—most commonly (51%) in a Form 10-K or 10-Q.
- Of those that made their initial disclosure in a periodic report, 83% made the disclosure in the Risk Factors section.
- Nearly 90% of disclosures specified the type of event that caused the breach. Unauthorized access was the main contributor by a wide margin at 56%, followed by ransomware at 20%.
- Nearly 80% of disclosures specified the type of information compromised by the breach. Personal information was the most commonly compromised information (85%), with names, social security numbers, and email topping the list at 65%, 38%, and 31%, respectively.
- The time frame to discover a breach averaged 38 days (10 days at the median).

The time from breach discovery to initial public disclosure averaged nearly 100 days, with a median of 50 days.
This post first appeared in the weekly Society Alert!