A recent report from SecurityScorecard reveals that 21% of S&P 500 companies suffered data breaches in 2023, highlighting the growing challenges in cybersecurity amidst stricter regulatory environments. The disclosure came with the publication of the S&P 500 Cyber Threat Report, which analyzes trends and provides recommendations for Chief Information Security Officers (CISOs) to navigate the new landscape.
In response to the rising number of cyber incidents, the U.S. Securities and Exchange Commission (SEC) implemented stringent cybersecurity regulations in the fall of 2023. These new rules mandate that companies publicly report “material” cybersecurity breaches within four days—a significant shift from the previously lax reporting requirements.
Dr. Aleksandr Yampolskiy, CEO and Co-Founder of SecurityScorecard, emphasized the necessity for a universal framework to assess and communicate cybersecurity risks effectively, akin to how credit scores function in financial assessments. “Just as financial credit scores revolutionized transparency in financial health, we envision a similar standardized measure for cybersecurity, fostering greater clarity and accountability across industries,” said Yampolskiy.
SecurityScorecard’s STRIKE threat hunters analyzed the security ratings of these corporations to identify opportunities to improve the cybersecurity of major U.S. economic players.
Key Findings from the Report:
- High-Value Targets: S&P 500 companies are prime targets for ransomware due to their substantial market values, leading to ransom demands often reaching into the millions.
- Sector-Specific Impacts: Financial Services and Insurance sectors accounted for 25% of the breaches, underscoring the high stakes due to their significant financial assets and interconnectivity.
- Personal Information at Risk: Over half of the companies had incidents involving exposed personal information, which could facilitate social engineering attacks.
- Social Engineering Threats: The average risk grade for social engineering among these companies was an “F”, indicating a widespread vulnerability despite strong security measures elsewhere.
- Supply Chain Vulnerabilities: The report also reveals that almost all surveyed companies are connected to a third party that has suffered a breach, demonstrating the wide-reaching implications of supply chain attacks.
Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard, stressed the importance of robust vendor oversight to mitigate risks from supply-chain cyber attacks, which have affected millions globally. “Companies are prioritizing vendor oversight after major supply-chain cyber attacks have affected thousands of businesses and breached data on millions of customers. The strength of a company’s cybersecurity is directly linked to the security measures of even its smallest vendors,” said Sherstobitoff.
Source: SecurityScorecard Threat Research: 21% of S&P 500 Companies Reported Breaches in 2023.