Cybersecurity incidents at public companies soared last year, with the number of reported breaches reaching levels not seen since 2011, according to a recent report.
The
"This data is vulnerable. Companies must install information security systems and monitor cybersecurity controls to protect their organizations from breaches or attacks. Adding to these concerns, cybersecurity threats are becoming increasingly advanced," said the report introduction.
The actual figures could well be higher than even the record-breaking levels seen in this report, as it can take a while before a company even knows that it has been breached. In 2021, the report said, it took an average of 42.2 days for a breach to be discovered, which is still a slight improvement over the previous year's 56.6 days. The longest amount of time for a breach to be discovered last year was 373; in 2020, the longest time to discovery was 518 days.
The report also pointed out that it's taking longer for companies to disclose incidents once they are discovered: In 2021, it took an average of 79.8 days to report a breach; in 2020, it took about 60.6 days, nearly three weeks less. They're also not necessarily disclosing all the relevant details of the breach, as only 56% of companies disclosed when an incident was first discovered (which is still a vast improvement from the 12.8% who did so in 2012), and only 8.5% disclose specific costs, and this is actually on a downward trend from previous years from a 26% high in 2014. The report said this trend is likely because there is less information about newer incidents.
Only 16 companies total in 2021 disclosed the cost of their incidents; of those that did disclose, 9 companies said costs exceeded $1 million or more.