This denotes a shift from the previous year's study which found human error as the primary cause. Either way, the study found, cybersecurity must remain a top priority for enterprises. The study from the 100-year-old national law firm analyzed more than 300 incidents it helped manage in 2015 to determine causes of incidents, industries most affected and what happens after a security incident is detected – from containment, to notification, to regulatory investigations and lawsuits.
“Being ‘compromise ready' better positions companies to respond to data security incidents faster, contain the threat and potentially lessens the severity of these events,” said Theodore Kobus, chair of the Privacy and Data Protection team at BakerHostetler, in a release. The report, he added, hopes to increase awareness and presents action items security pros should take to their boards of directors to plan for the inevitable data security incident.
The report's findings reveal that the primary cause of incidents were phishing/hacking/malware (31%), employee actions/mistakes (24%), external theft (17%), vendor-related incidents (14%), internal theft (8%), and lost or improper disposal (6%).
It also found that no industry is immune: the healthcare industry (23%) was most affected, while the next highest targets were financial services (18%) and education (16%).
The length of time from when an incident first began until it was detected ranged from zero days to more than 400 days, with the average for all industries 69 days (the health care sector took nearly twice as long as other industries). The average amount of time from discovery to containment was seven days, the study found.
“Every company should be constantly focused on preventing, detecting and having the right capabilities in place to respond to incidents,” Craig Hoffman, a partner in the Privacy and Data Protection Team at BakerHostetler, said in a release. "Accepting that incidents are inevitable does not mean that you stop trying to prevent them."
In addition to reducing risk profiles through information governance and implementing preventative security measures, Hoffman said that to respond effectively companies must focus on adapting measures to changing risks along with faster detection and containment.
The key to successful and rapid containment, Kobus added, is to plan for the inevitable incident.
