For those who may not know, Washington State produces its own data breach report annually. Here’s a snippet from their report:
In 2019, the total number of breaches reported to our office
increased by nearly 20%, with just over 70% resulting from a malicious cyberattack.
Yep, the percentage increase in number of incidents/reports sounds about right.
The lifecycle of breaches increased dramatically, rising from an overall average of 139 days in 2018 to 277 days in 2019. This was largely driven by a huge in spike in the amount of time it took organizations to discover that a breach had occurred.
Interesting, because ransomware attacks are recognized quickly, but may take longer to resolve. Similarly, it may take entities months to find out who had PII in an employee’s email account that had been compromised.
So there’s lots to think about and talk about. You can access the state’s 2019 report here. What I found stunning was the number of breaches reported to the state for a one-year period. But then, the number of reports is at least partly a function of how state law defines a reportable breach.