During 2016, our BakerHostetler privacy and data protection team worked on data security incidents across virtually all industries. For the second year in a row, phishing/hacking/malware attacks have accounted for the largest percentage of incidents handled by our team. Specifically, security incidents arising from phishing/hacking/malware made up 43 percent of all security incidents we handled last year – a 12 percent jump from 2015 – with ransomware attacks (i.e., events where malware prevents or limits users from accessing their system until a ransom is paid) accounting for nearly a quarter of such incidents.

With the adoption of new technologies, the collection and use of larger amounts of data, and the increasing sophistication of cyber-attackers, the risk landscape for companies drastically changes from year to year. Last year saw the first security incident to affect more than 1 billion accounts, as well as a reported increase of more than 500 percent in ransomware attacks. While investing in network security and breach detection technologies is an essential component to building an effective cybersecurity strategy, companies must also take enterprise-wide steps to ensure that everyone, from executives to front-of-house employees, is involved in risk-reducing behaviors. In our 2017 Data Security Incident Response Report, the BakerHostetler incident response team looked back at the more than 450 incidents that we handled in 2016 to identify the top causes of security incidents across industries. DPM04252017 This year, phishing/hacking/malware, including ransomware, remained the leading cause of security incidents (43 percent), followed by employee action/mistake (32 percent), lost or stolen device or records (18 percent), other criminal acts (4 percent), and finally internal theft by employees (3 percent). The 43 percent of security incidents arising from phishing/hacking/malware represents a 12 percent jump from 2015, in which phishing/hacking/malware was also ranked as the leading cause across all industries except healthcare. In 2014, the top cause for security incidents was employee action and/or mistake (i.e. human error), which currently remains the largest cause of incidents in the finance and insurance industry and holds the second spot across industries overall.

Attackers are increasingly relying on phishing and malware-containing emails to bypass an organization’s network security to access sensitive data, and are often using ransomware to monetize such activities. While there is no one-size-fits-all approach to cybersecurity readiness, when attempting to protect against phishing/hacking/malware incidents, an organization’s cybersecurity strategies must contain technical, administrative, and procedural safeguards, in addition to robust employee training. Failing to address the human component of data protection can easily negate an organization’s cyber-defense efforts.