Twenty-one of S&P companies have been subjected to data breaches in 2023, indicating the firms' attractiveness as cyberattack targets due to the lucrative business they bring to threat actors, reports SiliconAngle.
Despite having more comprehensive security systems, financial services and insurance organizations accounted for a quarter of the breached companies last year while more than half of cyberattacks involved personal data compromise, according to a report from SecurityScorecard, which provided an "F" score on social engineering risk for S&P 500 firms due to the findings.
The report also showed that ransomware-hit S&P 500 organizations were demanded to pay an eight-figure ransom on average, with ransom amounts calculated based on the market cap and workforce size of targeted companies. Moreover, most companies were found to be involved with a breached third party, suggesting the increasingly prevalent targeting of corporate vendors and partners to facilitate systems compromise.
Such findings follow new Securities and Exchange Commission breach notification rules mandating cyber incident disclosures within four days of discovery.
