
BakerHostetler launches 2025 Data Security Incident Response Report

LEGAL NEWSLINE

Monday, April 28, 2025


BakerHostetler presents its 11th annual Data Security Incident Response Report — the only law firm report of its kind — which provides valuable insights and statistics drawn from the firm’s experience guiding clients through more than 1,250 data security incidents in 2024.

WASHINGTON — April 15, 2025 — BakerHostetler’s internationally recognized Digital Assets and Data Management Practice Group released its 2025 Data Security Incident Response Report, which provides insight and analysis from more than 1,250 data security incidents managed by the firm this past year. The 11th edition of the report — a one-of-a-kind publication from a law firm — features a deep dive into critical components of security incidents (e.g., response timeline, average ransom payment amount, frequency of litigation) as well as an examination of trends in litigation, privacy, artificial intelligence, web tracking, the regulatory landscape and more. It provides organizations around the globe with metrics to make data-driven decisions before, during and after security incidents.

Key takeaways:

Companies are starting to win the battle against ransomware. Successful attacks are fewer. Time to restore is faster. Payments are lower.

Forensic investigation costs dropped dramatically, marking a three-year low and a 30% reduction. In just the past two years, the average forensic costs for the 20 largest network intrusion matters declined from $550,000 to $273,000.

Less malware is being used. Use of compromised credentials is more prevalent. So identity access management and access controls are even more important.

Post-data breach class action filing frequency was slightly less than the year before (lawsuits were filed after 51 out of 518 disclosed incidents compared with 58 out of 493 disclosed incidents in 2023). This was the first year in the past five without an increase.

Wire fraud impact grew. The total amount of fraudulent transfers grew by over 211%, from $35 million in 2023 to $109 million in 2024. The average fraudulent wire transfer was over $1 million.

Health care continued to be the industry with the most incidents (36%).

Key quote

“It is correct but also misleading to say that the cybersecurity risk landscape is dynamic. New threats and variations on old schemes emerge, but many of the underlying tactics and methods have not changed in years. We produce the DSIR Report to illustrate nuances that make a difference in understanding the risk landscape (both likelihood and impact) and share insights from the full suite of advisory services the firm provides across the entire data and technology life cycle,” said Theodore J. Kobus III, chair of BakerHostetler’s DADM Practice Group. “We are proud that the report has become a must-read resource for organizations worldwide as they develop privacy and cybersecurity strategies to manage the risks associated with data.”

Ransomware impact less severe

It is rare that our clients experience more than one ransomware attack. After more than five years of attacks, many organizations have experienced one and learned the lessons to prevent a second. Law enforcement continues to be effective at disrupting the operations of ransomware groups. The report shows that the most active groups rarely remain at the top for more than a year. Organizations are more resilient. With better backup strategies, organizations rarely need to pay for a decryptor. More often, they are paying to prevent publication of stolen data; on average, the amount of such payments is lower than when a decryptor is needed. The average ransom paid dropped 33% in 2024 to $501,388 (down from $747,651 in 2023).
