2023 Data Security Incident Response Report

Incident Response Trends – At a Glance

Incident Type

Network Intrusion: 45%
Business Email Compromise: 30%
Inadvertent Disclosure: 12%
Intentional Access/Disclosure: 5%
Lost, Stolen, or Improperly Disposed Devices or Records: 4%
System Misconfiguration/Accessible Cloud Asset: 2%
Account Takeover: 2%

Root Cause

Root Cause Unknown: 26
Phishing: 25
Other (e.g., Pixel, Device Theft, Skimmers): 14
Unpatched Vulnerability: 11
Social Engineering: 5
Other Human Error (e.g., Unintended Recipient): 5
Employee Abuse of Access Privileges: 4
Misconfiguration: 4
Open RDP: 3
Brute Force/Credential Stuffing: 3

“While business email compromises increased in 2022, fraudulent wire transfers decreased. Moreover, the frequency of network intrusions decreased until the end of 2022, when we saw a dramatic increase, primarily due to an uptick in ransomware.”

What Happens After Access

Ransomware Deployment: 28%
Theft of Data/Exfiltration: 24%
Email Account Access: 21%
Installation of Malware: 13%
Wire Fraud/Direct Deposit Fraud: 13%
Snooping: 3%
Theft of Trade Secrets: 1%
Use of Resources (e.g., Cryptomining): 1%
Other (i.e., Credentials on the Dark Web, Espionage, W-2 Scam): <1%

Industries Affected

Healthcare (including Biotech & Pharma): 24
Finance & Insurance: 17
Business & Professional Services (including Engineering, Transportation, and Managed Service Providers): 15
Retail, Restaurant, & Hospitality (including Media & Entertainment): 10
Education: 9
Manufacturing: 8
Government: 7
Technology: 4
Non-Profit: 4
Energy: 1
Other: 1

16% of our 1,160+ matters involved vendor incidents.

Entity Size by Annual Revenue

$1M-$10M: 17%
$11M-$100M: 29%
$101M-$500M: 16%
$501M-$1B: 10%
$1B-$5B: 23%
> $5B: 5%

Notifications vs. Lawsuits & Regulatory Inquiries

Notifications (44% of matters): 494
Regulatory Inquiries: 153
Lawsuits Filed: 42
Average Number of Individuals Notified: 47,851

Average Forensic Investigation Costs

All Incidents: $58,009
Network Intrusion Incidents: $90,335
20 Largest Network Intrusion Incidents: $550,987

Average Ransom Demand & Payment

Ransom Demand: $3,713,939
Ransom Payment: $600,688