Study Reveals that Over 20% of S&P 500 Companies Experience Data Breaches in 2023 – SiliconANGLE

Study Reveals that Over 20% of S&P 500 Companies Experience Data Breaches in 2023 – SiliconANGLE

A new report out today from security ratings firm SecurityScorecard Inc. today on security at S&P 500 companies finds that 21% experienced a data breach in 2023, as new regulations heighten the urgency of cybersecurity.

The targeting of S&P 500 companies is said to be due to attackers chasing money, with ransomware operators viewing top companies as particularly valuable targets thanks to their market value and demand accordingly high ransoms. Attackers know that bigger targets are typically capable of paying high ransoms.

Of the S&P 500 companies that experienced a breach in 2023, 25% were financial services and insurance companies. Although the report notes that financial institutions have some of the most robust security programs given the substantial money and assets they handle, the interconnected nature of the financial sector means that compromising one institution or commonly used product can lead to broader impacts across the entire industry.

Among the companies breached, 52% of attacks involved companies that exposed personal information. Attackers are particularly focused on gaining access to employee information to facilitate social engineering attacks, with skilled threat actors able to combine various sources to tailor their social engineering attacks for maximum impact or to impersonate employees.

Perhaps not surprisingly, given the level of data exposure and attacks, the average social engineering risk grade for the S&P 500 was found to be a “F.” The report explains that social engineering poses a significant risk to many companies, even those with otherwise healthy risk profiles and strong security posture and that many threat actors use social engineering attack vectors because they enable attackers to circumvent technical security solutions by manipulating human users.

Other findings in the report include that ransomware demands from S&P 500 victims are now often in the eight-figure range, with ransomware operators basing their ransom demands on the company’s size in terms of the number of employees and market cap.

The report also warns that attackers are going through a company’s vendors and partners if they can’t access them directly. SecurityScorecard research has found that 98% of companies have a relationship with a third party that has been breached.

The findings come following the introduction of cybersecurity disclosure requirements mandated by the U.S. Securities and Exchange Commission in December. Companies are now required to disclose cybersecurity incidents, with some exceptions, within four days of their occurring.

Image: SecurityScorecard

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU

Source Reference

Latest stories