BakerHostetler has released its 2025 Data Security Incident Response Report, which provides insight and analysis from more than 1,250 data security incidents managed by the firm this past year. Their report features a deep dive into critical components of security incidents (e.g., response timeline, average ransom payment amount, frequency of litigation) as well as an examination of trends in litigation, privacy, artificial intelligence, web tracking, the regulatory landscape and more.
Key takeaways:
- Companies are starting to win the battle against ransomware. Successful attacks are fewer. Time to restore is faster. Payments are lower.
- Forensic investigation costs dropped dramatically, marking a three-year low and a 30% reduction. In just the past two years, the average forensic costs for the 20 largest network intrusion matters declined from $550,000 to $273,000.
- Less malware is being used. Use of compromised credentials is more prevalent. So identity access management and access controls are even more important.
- Post-data breach class action filing frequency was slightly less than the year before (lawsuits were filed after 51 out of 518 disclosed incidents compared with 58 out of 493 disclosed incidents in 2023). This was the first year in the past five without an increase.
- Wire fraud impact grew. The total amount of fraudulent transfers grew by over 300%, from $35 million in 2023 to $109 million in 2024. The average fraudulent wire transfer was over $1 million.
- Healthcare continued to be the industry with the most incidents (36%).
Download the full report from BakerHostetler.
