Protiviti has shared a useful summary of the latest Verizon Data Breach Investigations Report (DBIR), which is available from Verizon here.
The good news was put well by Protiviti:
One of the surprises in this year’s report is that organizations are discovering 60 percent of data breaches in days or less and containing 80 percent of breaches in the same timeframe.
As Protiviti says:
Verizon highlights that this is due to more breaches being detected by managed security providers, and not necessarily an improvement of internal detection and containment capabilities.
The Verizon report has a wealth of detail but it is awkward to navigate. So I suggest reading the Protiviti summary first.
One of the Verizon points which is of tremendous importance, although it is hidden in the middle of the Results and Analysis section[1], is this:
Last year, we looked at the median impact cost for incidents reported to the FBI IC3. With regard to business email compromises (BEC), we noticed that most companies either lost $1,240 or $44,000 with the latter being slightly more frequent (Figure 32).
Also, last year we stated that when “the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all U.S.-based business email compromise victims had 99% of the money recovered or frozen; and…
