BakerHostetler’s 2025 Data Security Incident Response Report shows glimmer of optimism

BakerHostetler’s Digital Assets and Data Management Practice Group this week released its 2025 Data Security Incident Response Report, which provides insight and analysis from more than 1,250 data security incidents managed by the firm this past year.

The 11th edition of the report, which features a deep dive into critical components of security incidents, paints an unusually upbeat picture, with key findings including:

  • Companies are starting to win the battle against ransomware. Successful attacks are fewer. Time to restore is faster. Payments are lower.
  • Forensic investigation costs dropped dramatically, marking a three-year low and a 30% reduction. In just the past two years, the average forensic costs for the 20 largest network intrusion matters declined from $550,000 to $273,000.
  • Less malware is being used, and compromised credentials are more prevalent as the initial access vector, so identity and access management (IAM) and access controls matter even more.
  • Post-data breach class action filing frequency was slightly lower than the year before (lawsuits were filed after 51 out of 518 disclosed incidents, compared with 58 out of 493 disclosed incidents in 2023). This was the first year in the past five without an increase.
  • Wire fraud impact grew. The total amount of fraudulent transfers grew by over 300%, from $35 million in 2023 to $109 million in 2024. The average fraudulent wire transfer was over $1 million.
  • Healthcare continued to be the industry with the most incidents (36%).

Interestingly, AI has not yet shown up prominently in attacks, according to the report.

“It is correct but also misleading to say that the cybersecurity risk landscape is dynamic,” said Theodore J. Kobus III, chair of BakerHostetler’s DADM Practice Group. “New threats and variations on old schemes emerge, but many of the underlying tactics and methods have not changed in years. We produce the DSIR Report to illustrate nuances that make a difference in understanding the risk landscape (both likelihood and impact) and share insights from the full suite of advisory services the firm provides across the entire data and technology life cycle.”

In terms of ransomware, BakerHostetler said that with better backup strategies, organizations rarely need to pay for a decryptor. More often, they are paying to prevent publication of stolen data, and on average such payments are lower than when a decryptor is needed. The average ransom paid dropped 33% in 2024 to $501,388 (down from $747,651 in 2023).

However, the total amount of fraudulent fund transfers more than tripled from 2023 to 2024, increasing from $35 million to $109 million. These include successfully diverted wires, direct deposits and ACH payments. The average fraudulent transfer amount also surged, from $430,445 in 2023 to $1,256,797 in 2024. The two industries targeted most often were business and professional services, and finance and insurance; together they accounted for just over 50% of the wire fraud matters.

The median time from initial account access to discovery of the fraudulent fund transfer was significantly longer than for incidents generally (18 days compared with three days). Because recovery depends on freezing or recalling a transfer before the funds are moved on, this lag in discovery significantly reduces the likelihood of recovering them.

The full report is available to download free of charge from BakerHostetler.