Many of the world’s biggest companies reported data breaches last year

Bad security practices and good reporting regulations created a perfect storm

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A fifth of the companies listed on the S&P 500 index suffered a cyberattack in 2023, a report from SecurityScorecard has claimed, stating a mix of poor cybersecurity practices, high company valuations, and stringent regulations, resulted in such alarmingly high statistics.

SecurityScorecard says that 21% of these companies experienced a breach, as they are “particularly valuable” targets to cybercriminals based on their stocks’ market value.

Of all the successful breaches, a quarter (25%) happened in Financial Services and Insurance companies. Furthermore, half (52%) exposed personal information.

Regulatory pressure

SecurityScorecard did not cut these organizations any slack, either. The average Social Engineering risk grade for these enterprises is an “F”, signaling that most of them are relatively easy to breach with a little social engineering. Usually, the attackers would combine various sources and gain access to plenty of employee information, which they would later use in tailor-made social attacks. In some instances, the attackers would even impersonate certain individuals to make the attack as convincing as possible.

Finally, another important reason for such a high number of reported breaches are “landmark cybersecurity regulations” introduced by the U.S. Securities and Exchange Commission (SEC) late last year. These regulations require organizations to publicly disclose any cybersecurity incidents with a material impact within four days.

“Previously, there were very few breach reporting requirements,” the researchers said, “which left government officials, policymakers, and investors without key information on cybersecurity incidents.”

“Regulatory pressure continues to grow, and companies need a unified definition of cybersecurity due diligence with clear metrics,” said Dr. Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard. “Just as credit scores standardized the financial world, companies need a universal framework to measure cybersecurity risk and define materiality.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)