Ride the Lightning

BakerHostetler’s 2021 Data Security Incident Response Report Released

May 12, 2021

BakerHostetler’s 2021 Data Security Incident Response Report was released in May, featuring insights and metrics from the response to more than 1,250 incidents the firm helped clients manage in 2020. The data and analysis in the report can be used by organizations to identify and quantify likely risks and to develop a prioritized security and compliance road map.

The DSIR Report is produced by BakerHostetler’s Digital Assets and Data Management (DADM) Practice Group. This convergence practice addresses enterprise risks, disputes, compliance and opportunities through the life cycle of data, technology, advertising and innovation, including marketing strategies and monetization. The DADM Group’s compromise response intelligence helps clients understand what leads to an incident, how to resolve issues and addresses the potential for regulatory and litigation risks.

“The pandemic and changing technology trends have disrupted the way organizations operate, and the incident response industry was no exception. Our clients and industry relationships rely on the DSIR Report for access to the metrics and insight across the digital landscape to improve their products/services and identify measures to enhance their cybersecurity posture and operational resilience,” said Theodore J. Kobus III, chair of BakerHostetler’s DADM Practice Group. “Each year we add features based on key issues and trends our team has identified, in order to help organizations, develop solutions to the issues data and technology create. This year’s report includes features on ransomware and cybersecurity supply-chain risks.”

Trends in incident cause and response metrics in 2020 include:

• Network intrusion was the leading cause of incidents in 2020 at 58%, displacing phishing, which had been the No. 1 cause in the five previous years.
• Ransomware attacks continued to grow in frequency and severity – ransoms demanded and paid increased drastically. In 2020, incidents involved 75 threat actor groups/variants, compared with 15 in 2019
• The Incident Response Timelines was impacted by complication from the pandemic, with Discovery to Notification times increasing to a mean of 92 days for network intrusions compared to 70 days in 2019 and a prior three-year mean of 87 days
• The average forensic investigation costs for all types of incidents was $55,960. The average forensic cost for network intrusions was $75, 289, with the average for the largest 20 network intrusions at $464,234
• There were 543 incidents requiring notifications, with 20 lawsuits filed in those cases
• Regulatory inquiries were made in 29% of incidents

“In 2020 we saw a continued surge in ransomware as well as an increase in large supply chain matters, further stretching the capacity of the incident response industry,” said Kobus. “Organizations worked to quickly contain incidents – despite challenges in simply getting passwords changed and endpoint, detection and response tools deployed to remote workers. Companies with international operations contended with cross-border and regional restrictions on personnel movement. Getting access to facilities to obtain forensic images was a challenge. Necessity, and experience, drove creative solutions.”

And for the first time, the report breaks ransomware stats down by industry, including healthcare, manufacturing, financial services and hospitality. Also included is a checklist for companies to use during the first day responding to a ransomware matter.

Always enjoy reading the stats. I was particularly interested, although not surprised, that network intrusions are now the leading cause of cyber incidents.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email:  Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson