Discover Insights

Add Your Heading Text Here

Trademark Infringement: Super Heroes, The Beatles, and Fashion Versus Food 

Company Security Breaches: Threats, Trends, and Guidance 

Evolving ransomware attacks, exploitation of vendor systems, and a rise in insider threats, to name a few—organizations are spending more money than ever on cybersecurity due to a record rise of reported company security breaches to 3,205 in 2023, up 78% from 2022, according to Identity Theft Resource Center research.  

What’s behind the rise in company security breaches, and how can companies best respond? First, we’ll look at what a security breach is, common types, and guidance based on new cybersecurity rules and frameworks.  

What is a company security breach 

A company security breach is any incident that results in unauthorized access to computer systems, networks, applications, networks, or devices which results in information being accessed, stolen, leaked, destroyed, or exposed without authorization. This information may include personally identifiable information (PII) like social security numbers, financial information, health records, or other sensitive data.  

Company security breaches are on the rise  

According to Statista, the number of data breaches in the U.S. has significantly increased, from a mere 447 in 2012 to more than 3,200 in 2023. In the same year, over 350 million individuals were affected by data compromises, including data breaches, exposure, and leakage.  

The leap in company data breaches took off during the COVID-19 pandemic, when cybercriminals targeted victims in remote working environments, and cyber scams increased 400%.   

Today, the most vulnerable sectors are healthcare, finance, and retail, and company data breaches have affected millions of patients, users, and customers each year. Healthcare data record breaches, for example, skyrocketed nearly ten-fold in the U.S. alone from 5.3 million in 2017 to 51.4 million.   

What are common types of company security breaches? 

The most common cyber-attacks used in company security breaches are highlighted below.  

Stolen information 

This type of company security breach can result from careless errors, such as an employee leaving a phone or file at a café and having it stolen. As just one example, Apple fell prey to a breach when a careless employee left a prototype of one of their new iPhones unguarded, and within hours, the yet-to-be-released phone specs had been leaked over the web.  

Ransomware 

In a ransomware attack, users get messages stating that the data on their devices are now encrypted, denying access to the data. You can only get your data back (and not release it to the public) if you pay the perpetrator a fee. Crypto-ransomware is the most common type; perpetrators encrypt the data, information, or files on the victim’s device. The 2017 WannaCry ransomware attack is one of the most notorious in history, targeting Microsoft Windows operating systems and affecting more than 230,000computers in 150+ countries. The estimated loss was $4 billion.  

Phishing 

Phishing attacks come from third-party hackers who create sites that look genuine. If you log in without realizing you’re not logging on to the real site, you may end up inadvertently giving your hacker your password! One of the worst phishing attacks in history involved Facebook and Google. Lithuanian Evaldas Rimasauskas stole over $100 million from the companies by creating a seemingly authentic forged email account with Quanta Computer, a business partner of Facebook and Google. By sending phishing emails with fake invoices to employees at these companies, they stole more than $100 million.  

ILOVEYOU! Malware and viruses 

Ever receive an email asking you to click on a link? This could be an example of malware, which is sent to people with the goal of wiping their computer of all data. One of the earliest forms of malware using social engineering, The ILOVEYOU computer virus attacked tens of millions of Windows personal computers, and is estimated to have caused at least $5.5 billion in damages worldwide!  

Distributed denial-of-service (DDoS) 

A DDoS company security breach tends to target larger organizations, and occurs when a highly coordinated attack is launched simultaneously from many sources. When systems are attacked, employees will not be able to sign into their work systems, forcing the company to (temporarily) shut down—on average, for 68 minutes. In recent years, Google, Microsoft, Amazon, and GitHub all have experienced DDoS attacks that highjacked their servers and systems. 

Brute-force attacks 

This type of company security breach is actually nothing more than password guessing. If your password is too easily guessable, like your pet’s name, it can be stolen. The perpetrator can then get into your system and find any type of sensitive information.  

Insider leaks 

Insider leaks cannot be overlooked as major source of company security breaches. In fact, 83% of data breaches in 2022 involved internal bad actors. The largest? To date? Between 1996 and 2006, an employee of Boeing stole $2 billion worth of aerospace documents and gave them to China.  

Guidance on security breach response  

As companies face increasing threats from malicious actors, cybersecurity has become an important agenda item for boards. Against this backdrop, several authoritative bodies have issued guidance on new cybersecurity reporting requirements and response guidelines.  

Several notable ones are outlined below:  

Prepare for a company security breach, early and often  

A well thought out plan is the best way to prepare and respond to cyber incidents–not only to meet regulatory compliance obligations but also to minimize negative impact to your brand and revenue. Organizations can implement strategies and best practices to plan for, and respond to, a cyber incident—from building the right team to regularly auding data retention policies, creating and testing tabletop exercises, and more.  

UnitedLex can help organizations augment their cyber incident response by providing rapid insight into the potential severity, and quickly defining the extent of exposure and the obligations to the company, customers, employees, and third parties.  Let’s talk.    

Related Content

Patent Prosecution Optimization  

Explore essential strategies to simplify patent prosecution, eliminate bottlenecks, and align filings with business objectives.

Portfolio Optimization: Best-Practices Strategies to Maximize Value 

Enhance your IP portfolio using effective strategies to mitigate risks and promote sustained growth in a competitive environment.

Intellectual Property Rights Explained 

Explore why IP rights matter and how to safeguard them effectively.

Intellectual Property Law: How It Protects Consumers, Enterprises, Governments, and the Economy  

Understand how intellectual property law protects consumers, businesses, and the economy from counterfeit products and IP violations.

Industry Briefing with Professor Richard Susskind