BakerHostetler has released its sixth annual Data Security Incident Response (DSIR) Report, which contains incident response metrics and related insights from over 950 incidents the firm helped clients manage in 2019. The DSIR Report also addresses the data breach litigation landscape and cybersecurity strategy. The intent of the DSIR Report is to use incident response data to demystify incident response and serve as a resource to help organizations use risk-prioritized decision-making to take practical steps to improve their cybersecurity posture and operational resiliency.
“This year’s DSIR Report provides an enlightening analysis of the cyber landscape before COVID-19 came into the picture. Threats continue to evolve, and the compromise intelligence our report offers can help organizations with their preparation efforts,” said Theodore J. Kobus III, chair of BakerHostetler’s Digital Assets and Data Management Practice Group. “Cyber criminals are already taking advantage of the situation created by COVID-19, and employees will inadvertently expose sensitive data or facilitate a ransomware attack. Organizations are rapidly evolving their working from home (WFH) guidelines due to the stay-at-home orders around the globe.”
Unique among law firms, the DSIR Report includes comparative statistics for key areas of concern in privacy, cybersecurity and compliance for organizations of all sizes and in all industries – especially healthcare, finance, insurance, education, professional services, energy, government, manufacturing, technology, retail and hospitality.
“Every organization is – in some form – a technology organization dealing with data. The issues highlighted in this year’s report are central to all organizations’ operations, which have become increasingly more regulated,” said Kobus. “Our report provides insights on the myriad issues that organizations face and can help them limit their digital risk exposure.”
Trends in incident cause and response metrics in 2019:
“Until you have worked through the investigation of an incident, it is hard to appreciate the practical challenges organizations face in quickly and accurately determining what occurred so notification obligation decisions can be made, and appropriate communications prepared. Over and over, we have leveraged these response timeline metrics to guide clients on setting appropriately aggressive response time plans, context for how peers performed, and after the incident is over, identify opportunities for improvement,” explained Kobus.
The 2020 DSIR Report also includes informative sections on the History of Problems, Litigation, Healthcare Regulatory Investigations and Implementation of “Reasonable Security.”
Other Key Findings Include: