Data Security Incident Response Report

The median time from initial account access to discovery of the fraudulent fund transfer was 18 days, compared with three days for all incidents generally.

The average ransom paid dropped 33% in 2024 to $501,388, down from $747,651 in 2023.

The average fraudulent wire transfer was over $1 million in 2024. Specifically, it surged from $430,445 in 2023 to $1,256,797 in 2024.

The health care sector had the highest average ransom paid of any industry, at $847,875.

Just over 50% of the wire fraud matters affected the business and professional services and finance and insurance industries

Lawsuits were filed after 51 out of 518 disclosed incidents in 2024, compared with 58 out of 493 disclosed incidents in 2023. This was the first year in the past five without an increase in post-data breach class action filing frequency.

Forensic investigation costs dropped dramatically, marking a three-year low and a 30% reduction.

Health care continued to be the industry with the most incidents at 36%.

The total amount of fraudulent transfers grew by over 300%, from $35 million in 2023 to $109 million in 2024.

The average forensic costs for the 20 largest network intrusion matters declined from $550,000 to $273,000 in just the past two years.