In our latest report, Trends in Cybersecurity Breach Disclosures, we delve into the trends and statistics of public company cybersecurity disclosures. Over the past ten years, cybersecurity has become increasingly important for public companies, as both business and commerce have become dependent on technology. Cyber threats from social engineering schemes to sophisticated software can put customer data, financial accounts, and even proprietary information at risk to third-party access.
Since 2011, we have seen a general trend of increasing cyber breaches affecting public companies. The growth in number of incidents has climbed to a high of 140 in 2019, an 11% increase from 2018 and a 400% increase since 2011.
In general, cyber incidents have not been discovered and reported in a timely manner. On average, it took firms 108 days to discover that a breach had occurred. Though, this number reflects that some breaches went undiscovered for years; the median number of days it took to discover an attack is 30 days, as of 2019.
Additionally, it took on average another 49 days, or a median of 30 days, for companies to report the breach.
Trends in Cybersecurity Breach Disclosures provides a deeper analysis on the timeframe for discovery and disclosure of cybersecurity incidents, as well as the type of information compromised, the number of attacks per company, and a breakdown of industries most commonly affected. Key findings include:
- There has been a proliferation in the number of cybersecurity breaches compromising Social Security numbers
- 43% of companies disclosing a cyber breach did not report the type of attack that was used to penetrate a company’s systems
- The most common type of cybersecurity incident involves malware, including ransomware, affecting 34% of companies that reported the type of attack
- Companies in the Services industry and the Manufacturing sector were the most likely to report a cybersecurity incident
Overall, cybersecurity is a growing threat for public companies and must be monitored and addressed with adequate resources depending on the specific circumstances of each company. Processes must be implemented to not only protect against cyberattacks, but also to detect cyber beaches and communicate critical and material information.
Subscribers to Audit Analytics can login and download the report from their dashboard; all others may access the report here.
For more information on Audit Analytics or our cybersecurity data, please contact us.
Interested in our content? Be sure to subscribe to receive our email notifications.