Many of the world's biggest companies reported data breaches last year

Bad security practices and good reporting regulations created a perfect storm

05 Apr 2024, 11:15 · TechRadar

News By Sead Fadilpašić published 5 April 2024

Image Credit: Pixabay (Image credit: Pixabay)

A fifth of the companies listed on the S&P 500 index suffered a cyberattack in 2023, a report from SecurityScorecard has claimed, stating a mix of poor cybersecurity practices, high company valuations, and stringent regulations, resulted in such alarmingly high statistics.

SecurityScorecard says that 21% of these companies experienced a breach, as they are “particularly valuable” targets to cybercriminals based on their stocks’ market value.

Of all the successful breaches, a quarter (25%) happened in Financial Services and Insurance companies. Furthermore, half (52%) exposed personal information.

Regulatory pressure

SecurityScorecard did not cut these organizations any slack, either. The average Social Engineering risk grade for these enterprises is an “F”, signaling that most of them are relatively easy to breach with a little social engineering. Usually, the attackers would combine various sources and gain access to plenty of employee information, which they would later use in tailor-made social attacks. In some instances, the attackers would even impersonate certain individuals to make the attack as convincing as possible.

Finally, another important reason for such a high number of reported breaches are “landmark cybersecurity regulations” introduced by the U.S. Securities and Exchange Commission (SEC) late last year. These regulations require organizations to publicly disclose any cybersecurity incidents with a material impact within four days.

“Previously, there were very few breach reporting requirements,” the researchers said, “which left government officials, policymakers, and investors without key information on cybersecurity incidents.”

“Regulatory pressure continues to grow, and companies need a unified definition of cybersecurity due diligence with clear metrics,” said Dr. Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard. “Just as credit scores standardized the financial world, companies need a universal framework to measure cybersecurity risk and define materiality.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors