This question was recently posed to us by a client, but it’s difficult to put a number on that question as a definitive answer. The problem is that not all businesses report their incidents to the state’s attorney general’s office, and not all have cyber insurance. As a result, the businesses involved don’t have their events get documented. For example, we’ve written about multiple recent security incidents and most of the clients involved did not have cyber insurance and none reported to the AG’s office, so there’s no record of any of them.
However, there are many good sources for statistical information. Some key numbers to keep in mind include:
- Ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss — accounting for 87% of reported incidents and 84% of claims payouts in the first half of 2020, according to Coalition.
- Baker Hostetler report that Network intrusion was the leading cause of incidents in 2020 at 58%, displacing phishing, which had been the No. 1 cause the five previous years. Also, ransomware attacks continued to grow in frequency and severity – ransoms demanded and paid increased drastically. In 2020 our incidents involved 75 threat actor groups/variants, compared with 15 in 2019.
- Almost a third or 28% of data breaches in 2020 involved small businesses according to the Verizon Business 2020 Data Breach Investigations Report (2020 DBIR).
If you’re interested in more information, you can explore these statistics in the following source articles: