Tapping into a topic of great interest to all organization types, sizes, and industries, Audit Analytics’ annual “Trends in Cybersecurity Breach Disclosures” captures more than a decade of data on cyber breaches based on public company disclosures.
Noteworthy takeaways for 2022 include:
- Of the 125 cybersecurity breaches disclosed in 2022 (down from 195 breaches disclosed in 2021) by 111 public companies (of more than 7,000 SEC registrants total), 34% were initially disclosed in SEC filings—most commonly in a Form 8-K or Form 6-K (52%).
- Of the 48% that made their initial disclosure in a periodic report, 100% made disclosure in the Risk Factors section.
- 90% of disclosures specified the type of attack that caused the breach. Unauthorized access was the main contributor by a wide margin at nearly 70%, followed by ransomware at 17%.
- More than 80% of disclosures specified the type of information compromised by the breach. Personal information was the most commonly compromised type (93%), with names, Social Security numbers, and bank account information topping the list at 77%, 62%, and 36%, respectively.
- The time frame to discover a breach averaged nearly 80 days (20 days at the median).

The time from breach discovery to initial public disclosure averaged about 96 days, with a median of 67 days.
This post first appeared in the weekly Society Alert!