2023 Data Security Incident Response Report Get the Full Report

Threat Actors Adapt.

Organizations have strengthened security measures and become more resilient, but threat actors are still finding ways through. MFA bombing, social engineering, EDR-evading malware, sophisticated credential stuffing techniques – you name it, they’re trying it.

Post Data Breach Lawsuit Filing More Prolific.

Lawsuits are being filed more frequently after a data breach incident is disclosed. And they are being filed in smaller matters (fewer than 10,000 individuals affected).

But the More Things Change, the More They Stay the Same.

Network intrusions were still the most common type of incident, and threat actors typically gain access in the same old ways – phishing, unpatched vulnerabilities, etc.

Uncle Sam Gains Ground on Ransomware.

Law enforcement attacked the ransomware issue by imposing sanctions on groups (Conti), groups that facilitated initial network access (Trickbot operators), and a service that protected payments (the Blender.io virtual currency mixer). Additional measures were used to disrupt groups that drew attention (Hive).


You’ve implemented MFA, but Bob in Accounting inadvertently approved the MFA prompt. Good controls can be defeated by untrained (and trained) employees.

BECs on the Decline?

Despite years of business email compromises leading to fraudulent wire transfers (and years of guidance on how to avoid them), BECs surged in 2021. In 2022, the overall number and dollar value of fraudulent transfers decreased from the prior year.

DeFi and SDLC.

With some of the largest crypto thefts in 2022 resulting from code-related issues, the software development life cycle is more important than ever: companies in this space should be sure to adopt – and follow – a secure coding process to lower the likelihood of significant hacks and thefts.

Don’t Sleep on Compliance – Regulators Aren’t.

In Europe and elsewhere, there has been a rise in investigations into organizations’ privacy compliance programs unprompted by a breach notification. Get your privacy compliance house in order before a regulator comes knocking.

It’s Not Just California Anymore.

Four other states enacted privacy legislation in 2022, and one more just announced legislation in 2023. Are you taking a holistic approach to compliance?

On Again, Off Again - And On Again.

Most ransomware groups may have been busy doing something else in early 2022, but they returned with a vengeance at the end of the year and into 2023.

Key IR Metrics Improve.

Companies are getting quicker at identifying – and containing – network intrusions. Preparation counts.

Is That a Pixel in Your Eye?

Or is it just on your webpage? Pixel litigation has surged. Ensure you know what website technologies are in place and why.

Forensic Investigation Costs Increased, Too.

By 20% on average in network intrusion matters, which does not include business interruption costs, data review and notice costs, indemnity claims, etc.

Average Ransom Paid Increased.

After three years of increasing average amounts followed by a decrease in the average ransom paid in 2021, we saw a 15% increase in 2022.

The Long Road to Recovery.

The average time to recover after a ransomware incident increased across all industries. Do you have a business continuity plan, and have you tested it in production?

Don't Be a Hoarder.

Please. We've asked so nicely before. Get rid of your old data. No one wants to notify decades of former employees and regulators are asking questions about the age of data involved in incidents.