1 in 5 S&P 500 Companies Reported Breaches Last Year

Ransomware demands and supply chain targeting continues to escalate.

Apr 11, 2024
Financial Cyber

According to the latest threat research from SecurityScorecard, 21 percent of S&P 500 companies experienced breaches in 2023. The new S&P 500 Cyber Threat Report details emerging trends and strategies. According to Dr. Aleksandr Yampolskiy, CEO and Co-Founder of SecurityScorecard, “Regulatory pressure continues to grow, and companies need a unified definition of cybersecurity due diligence with clear metrics. Just as credit scores standardized the financial world, companies need a universal framework to measure cybersecurity risk.”

SecurityScorecard STRIKE threat hunters analyzed the security ratings of S&P 500 companies to find ways to improve the security of key players in the U.S. economy. Their findings show:

  • 21 percent of S&P 500 companies reported breaches in 2023. Attackers are chasing money. Ransomware operators view S&P 500 companies as particularly valuable targets based on their stocks’ market value and demand accordingly high ransoms. Attackers know that bigger targets are typically capable of paying high ransoms.
  • 52 percent of companies had personal information exposed. Attackers are gaining access to employee information to facilitate social engineering attacks. Skilled threat actors combine various sources to tailor their attacks for maximum impact, or to impersonate employees.
  • The average Social Engineering risk grade for the S&P 500 is an “F”. Many threat actors use social engineering attack vectors because they enable attackers to circumvent technical security solutions by manipulating human users.
  • Ransomware demands for S&P 500 victims are now often in the eight-figure range. Ransomware operators often base their ransom demands on a company’s size in terms of the number of employees and its monetary value (e.g., market capitalization or annual revenue).
  • Supply chain attacks have a material impact. Attackers are going through a company’s vendors and partners if they can’t access them directly. As cited by the SEC requirements, SecurityScorecard research found that 98 percent of companies have a relationship with a third party that has been breached. Therefore, such third-party companies — whether public or not — should also familiarize themselves with the new regulations.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence, stated, “Companies are prioritizing vendor oversight after major supply chain cyber attacks have affected thousands of businesses and breached data on millions of customers. The strength of a company’s cybersecurity is directly linked to the security measures of even its smallest vendors.”

In fall 2023, the U.S. Securities and Exchange Commission (SEC) adopted landmark cybersecurity regulations, requiring publicly disclosing “material” cybersecurity incidents within four days. Previously, there were very few breach reporting requirements, which left government officials, policymakers, and investors without key information on cybersecurity incidents

Latest in Cybersecurity
Intuitive and Flexible Manufacturing ERP
Sponsored
Intuitive and Flexible Manufacturing ERP
April 26, 2024
Ep90
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Transportation and Logistics Under Siege
April 24, 2024
Industrial Cyber
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
April 24, 2024
Related Stories
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
I Stock 1251037786
Cybersecurity
What is Volt Typhoon?
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Saturday, Nov. 25, 2023. The hacked device was in a pumping booster station owned by the Municipal Water Authority of Aliquippa. An electronic calling card left by the hackers suggests they picked their target because it uses components made by an Israeli company.
Cybersecurity
Congressmen Ask DOJ to Investigate Water Utility Hack
Intuitive and Flexible Manufacturing ERP
Sponsor Content
Intuitive and Flexible Manufacturing ERP
More in Cybersecurity
Manufacturing Business Management
Sponsored
Manufacturing Business Management
Acumatica looks to offer new solutions.
April 26, 2024
Ep90
Video
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Video
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024
Soc
Cybersecurity
How Oversight Impacts Enterprise Level Cybersecurity
A new report examines the benefits being realized by higher-level cyber scrutiny.
April 11, 2024
Ep88tn2
Video
Security Breach: Over-Connectivity and Mobile Defeatism
The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.
April 11, 2024