BakerHostetler’s 2020 Data Security Incident Response Report Shows Phishing Still No. 1 Cause of Data Incidents, Ransomware Attacks on the Rise

Firm’s sixth annual report shares insights and statistics from more than 950 incidents managed in 2019

May 1, 2020

4 Min Read


WASHINGTON – April 30, 2020 – BakerHostetler released its sixth annual Data Security Incident Response (DSIR) Report, which contains incident response metrics and related insights from over 950 incidents the firm helped clients manage in 2019. The DSIR Report also addresses the data breach litigation landscape and cybersecurity strategy. The intent of the DSIR Report is to use incident response data to demystify incident response and serve as a resource to help organizations use risk-prioritized decision-making to take practical steps to improve their cybersecurity posture and operational resiliency.

“This year’s DSIR Report provides an enlightening analysis of the cyber landscape before COVID-19 came into the picture. Threats continue to evolve, and the compromise intelligence our report offers can help organizations with their preparation efforts,” said Theodore J. Kobus III, chair of BakerHostetler’s Digital Assets and Data Management Practice Group. “Cyber criminals are already taking advantage of the situation created by COVID-19, and employees will inadvertently expose sensitive data or facilitate a ransomware attack. Organizations are rapidly evolving their working from home (WFH) guidelines due to the stay-at-home orders around the globe.” 

Unique among law firms, the DSIR Report includes comparative statistics for key areas of concern in privacy, cybersecurity and compliance for organizations of all sizes and in all industries – especially healthcare, finance, insurance, education, professional services, energy, government, manufacturing, technology, retail and hospitality.

“Every organization is – in some form – a technology organization dealing with data. The issues highlighted in this year’s report are central to all organizations’ operations, which have become increasingly more regulated,” said Kobus. “Our report provides insights on the myriad issues that organizations face and can help them limit their digital risk exposure.”
Trends in incident cause and response metrics in 2019:

  • For the fifth year in a row, phishing remained the leading cause of incidents at 38%. 

  • Ransomware attacks are up, and there is no foreseeable slowdown. All industries segments are impacted, with top targets in manufacturing, professional services, healthcare, education and government.

  • The average cost of forensics investigations is decreasing because of increased reliance on technology.

  • More organizations are self-discovering incidents. 

  • Healthcare breaches continue to attract regulatory scrutiny.

“Until you have worked through the investigation of an incident, it is hard to appreciate the practical challenges organizations face in quickly and accurately determining what occurred so notification obligation decisions can be made, and appropriate communications prepared. Over and over, we have leveraged these response timeline metrics to guide clients on setting appropriately aggressive response time plans, context for how peers performed, and after the incident is over, identify opportunities for improvement,” explained Kobus.

The 2020 DSIR Report also includes informative sections on the History of Problems, Litigation, Healthcare Regulatory Investigations and Implementation of “Reasonable Security.”

Other Key Findings Include:

  1. Properly implemented multi factor authentication (MFA) significantly reduces risk, yet many organizations are still not utilizing it.

  2. Privacy and security are board-level issues, and boards like metrics, so providers and organizations are increasingly using them to engage with executives and boards on risk-based approaches to these issues.

  3. The ransomware epidemic has brought business continuity and resilience to the forefront.

  4. Ransomware forces new targets like manufacturing, schools, municipalities, professional services and other industries that were not targets in the past (because they did not have data worth stealing) to prioritize and fund enhancements to their cybersecurity measures. 

  5. Each year, new risks emerge, and there are new tactics, techniques and procedures (TTPs). It is important to watch what is happening to others and adapt.

Earlier this year, BakerHostetler launched the Digital Assets and Data Management Practice Group, which marshals the strength of seven service delivery practices, and the firm’s innovative legal technology R&D team, IncuBaker, to provide clients enterprise risk solutions. The DADM Group provides comprehensive counsel on the full range of complex and evolving issues associated with data and technology, including digital innovation, e-commerce, fintech, cybersecurity, consumer privacy, transactions, governance, risk management and more.

About BakerHostetler
Recognized as one of the top firms for client service, BakerHostetler is a leading law firm that helps clients around the world address their most complex and critical business and regulatory issues. With six core practice groups – Business, Digital Assets and Data Management, Intellectual Property, Labor and Employment, Litigation, and Tax – the firm has nearly 1,000 lawyers located coast to coast. For more information, visit



Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights