21 percent of S&P 500 companies reported breaches in 2023
According to the latest threat research from SecurityScorecard, 21 percent of S&P 500 companies experienced breaches in 2023.
The report shows that 25 percent of these breaches impacted financial services and insurance companies. Financial institutions have some of the most robust security programs because they have substantial money and assets. But the interconnected nature of the financial sector means that compromising one institution or commonly used product can lead to broader impacts across the entire industry.
Dr. Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard, says, "Regulatory pressure continues to grow, and companies need a unified definition of cybersecurity due diligence with clear metrics. Just as credit scores standardized the financial world, companies need a universal framework to measure cybersecurity risk and define materiality."
Among other findings 52 percent of companies had exposed personal information, leading to greater risk of social engineering attacks. Indeed social engineering is the most common risk factor (77 percent) for which S&P 500 companies receive their lowest scores. The exposure of employee information is a source of this vulnerability to social engineering attacks and was also the issue having the most negative impact on companies' scores.
Ransomware demands continue to grow too, now often reaching the eight figure range. S&P 500 companies are seen as particularly valuable targets based on their stock market value and demand accordingly high ransoms. Attackers know that bigger targets are typically capable of paying high demands.
The supply chain also represents a risk, SecurityScorecard research finds that 98 percent of companies have a relationship with a third party that has been breached.
"Companies are prioritizing vendor oversight after major supply-chain cyber attacks have affected thousands of businesses and breached data on millions of customers," says Ryan Sherstobitoff, senior vice president of threat research and intelligence. "The strength of a company's cybersecurity is directly linked to the security measures of even its smallest vendors."
The full report is available from the SecurityScorecard site.
Image credit: photonphoto/depositphotos.com