2016 Cyber Attack Stats and Defense Options


The Baker Hostetler Law Firm, a recognized expert on regulatory and legal consequences of data breaches, has released its 2016 Data Security Report titled, Is Your Organization Compromise Ready? In the 300 incidents handled by the firm in 2015, phishing, hacking, and malware took the lead, accounting for about 31% of incidents investigated. However, after analyzing the underlying issues that allowed the attacks to succeed, the findings showed that human error was a significant factor over half of the time.


Highlighted defense against cyber threats

The report is a must-read for law firms that have yet to prepare for the eventual cyber security breach amid today’s sophisticated, ever-evolving cyber threats. The report highlights that one of the readily available weapons in a law firm’s arsenal to defend against cyber threats is Cyber Liability Insurance.

Cyber liability insurance policies give policyholders access to the latest in risk assessment and risk management resources. Those resources will help a law firm identify and address network and system vulnerabilities. Law firms have an ethical and legal obligation to protect the confidential digital information of clients, and being proactive rather than reactive makes the difference in effectively and efficiently shutting down the cyber criminal.


A readily available forensic team can protect your clients and prevent public notifications

The Baker report cites a company's ability to get a forensic firm engaged quickly as key and found that the average amount of time from discovery until containment was 7 days. Below is a graphic of the incident response timeline. Cyber Liability Insurance allows a firm to work immediately with predetermined “privacy counsel” and forensic investigators.


The Baker report also found that with effective forensic investigation, not every incident results in notification or “public awareness”. Approximately 40% of the incidents Baker investigated in 2015 did not require notification. Two of the most common reasons notification was not required were (1) the information at risk did not meet the definition of “personal information” and (2) a forensic investigation determined that there was no unauthorized access or acquisition of personal information. It was also pointed out that companies can most improve their cyber security exposure by:

  1. Detecting incidents sooner;

  2. Containing them faster after detection; and

  3. Keeping good logs to better identify what occurred and stop the attack before the attacker can get a foothold in the network.

Baker says: “Knowing with greater certainty what was at risk and having the ability to show that certain data elements were not affected often play key parts in a company’s dialogue with regulators and customers, and provide defenses in enforcement actions and lawsuits”.


Effective network security protocols are very important, but almost as important is having Cyber Liability Insurance. The Baker Hostetler report states that it is one important component of being “compromise ready,” which involves preparing for everything. The report goes on to say that damage to a company’s reputation is more likely to occur when the notification shows that the underlying cause should have been prevented or when the company is viewed as not handling the response well. Cyber Liability Insurance is designed to address the human element that most often contributes to a breach by giving you the resources to inform and educate before a breach happens and the experts to effectively deal with the aftermath should one occur.

