Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.

Total Financial Loss: The total financial loss from these incidents is estimated to be $1 billion.

Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with efforts to contain the attack, and recovery measures with efforts to restore the systems, and law enforcement notified with u.s. department of justice, and company with sinclair broadcast group, details with restored network from backups; no ransom paid, company with blackbaud, inc., details with prevented full encryption; expelled threat actor; paid ransom, company with westrock company, details with incurred recovery costs; expects insurance reimbursement, company with radiant logistics, details with took systems offline; engaged forensic experts and legal counsel, company with faneuil, details with engaged legal counsel and cybersecurity firms; implemented containment/remediation, and company with radiant logistics, assistance with forensic experts, it professionals, company with faneuil, assistance with legal counsel, leading cybersecurity firms, and company with colonial pipeline, details with doj seized $2.3 million of ransom payment, and company with faneuil, measures with systems containment; remediation, company with radiant logistics, measures with systems taken offline, and company with sinclair broadcast group, measures with network restoration from backups, company with blackbaud, inc., measures with expelled threat actor; risk mitigation, company with mineral technologies, measures with system restoration ($4 million), company with benchmark electronics, measures with incident response and recovery, and company with radiant logistics, strategy with proactively engaging affected customers/employees..

Common Attack Types: The most common types of attacks the company has faced is Ransomware.

Average Financial Loss: The average financial loss per incident is $333.33 million.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Payment card details, Company: Blackbaud, Inc., Data: Customer and employee data (subset), Company: Radiant Logistics, Data: Customer and employee data and .

Incident Response Plan: The company's incident response plan is described as company: Sinclair Broadcast Group, details: Restored network from backups; no ransom paid, company: Blackbaud, Inc., details: Prevented full encryption; expelled threat actor; paid ransom, company: WestRock Company, details: Incurred recovery costs; expects insurance reimbursement, company: Radiant Logistics, details: Took systems offline; engaged forensic experts and legal counsel, company: Faneuil, details: Engaged legal counsel and cybersecurity firms; implemented containment/remediation, .

Third-Party Assistance: The company involves third-party assistance in incident response through company: Radiant Logistics, assistance: Forensic experts, IT professionals, company: Faneuil, assistance: Legal counsel, leading cybersecurity firms, .

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: company: Sinclair Broadcast Group, measures: Network restoration from backups, company: Blackbaud, Inc., measures: Expelled threat actor; risk mitigation, company: Mineral Technologies, measures: System restoration ($4 million), company: Benchmark Electronics, measures: Incident response and recovery, .

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by efforts to contain the attack, company: faneuil, measures: systems containment; remediation, company: radiant logistics, measures: systems taken offline and .

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Efforts to restore the systems.

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through company: Blackbaud, Inc., actions: 570 customer claims; lawsuits proceeding (July 2021), .

Key Lessons Learned: The key lessons learned from past incidents are Ransomware recovery costs extend beyond ransom payments, including legal expenses, remediation, and technical debt redress.,Insurance reimbursements can offset but not fully cover financial losses.,Publicly traded companies must report material cyber incidents to the SEC (8-K filings).,Post-incident security improvements (e.g., MFA) are often accelerated due to increased budgets.,Data exfiltration is a common tactic alongside encryption in ransomware attacks.

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Comply with SEC reporting requirements for material cyber incidents (within 4 days, per proposed rules)., Maintain offline backups to enable recovery without paying ransom., Monitor dark web for signs of stolen data being sold or leaked., Implement multifactor authentication (MFA) and other delayed security projects proactively., Review cyber insurance coverage to ensure adequate protection against ransomware losses. and Engage third-party forensic and legal experts early in incident response..

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: CSO Online, and Source: U.S. Securities and Exchange Commission (SEC) 8-K FilingsUrl: https://www.sec.gov/edgar/searchedgar/companysearch.html, and Source: U.S. Department of Justice (DOJ) Press Release on Colonial Pipeline Ransom Recovery.

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Company: Radiant Logistics and Strategy: Proactively engaging affected customers/employees.

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Company: Radiant Logistics, Details: Proactively engaging affected customers/employees, Company: Blackbaud, Inc., Details: Notified customers of data breach; offered reimbursement for claims and .

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Company: Radiant Logistics, Assistance: Forensic experts, IT professionals, Company: Faneuil, Assistance: Legal counsel, leading cybersecurity firms, .

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Accelerated Security Budget Approvals Post-Incident, Implementation Of Delayed Projects (E.G., Mfa, Network Segmentation), Enhanced Monitoring And Incident Response Planning, Review Of Cyber Insurance Policies, .

Ransom Payment History: The company has Paid ransoms in the past.

Last Attacking Group: The attacking group in the last incident was an Fin7.

Most Recent Incident Detected: The most recent incident detected was on January 2021.

Most Significant Data Compromised: The most significant data compromised in an incident were 15 million payment cards, Company: Blackbaud, Inc., Data: Subset of data from self-hosted private cloud (customer/employee data), Company: Radiant Logistics, Data: Customer and employee data extracted from servers and .

Most Significant System Affected: The most significant system affected in an incident were ATM machinesPoint-of-sale systems and C, o, m, p, a, n, y, :, , S, i, n, c, l, a, i, r, , B, r, o, a, d, c, a, s, t, , G, r, o, u, p, ,, S, y, s, t, e, m, s, :, , N, e, t, w, o, r, k, , (, r, e, s, t, o, r, e, d, , f, r, o, m, , b, a, c, k, u, p, s, ), ,, C, o, m, p, a, n, y, :, , W, e, s, t, R, o, c, k, , C, o, m, p, a, n, y, ,, S, y, s, t, e, m, s, :, , I, T, , a, n, d, , o, p, e, r, a, t, i, o, n, a, l, , t, e, c, h, n, o, l, o, g, y, , s, y, s, t, e, m, s, ,, C, o, m, p, a, n, y, :, , R, a, d, i, a, n, t, , L, o, g, i, s, t, i, c, s, ,, S, y, s, t, e, m, s, :, , O, p, e, r, a, t, i, o, n, a, l, , a, n, d, , I, T, , s, y, s, t, e, m, s, , (, t, a, k, e, n, , o, f, f, l, i, n, e, ), ,, C, o, m, p, a, n, y, :, , B, l, a, c, k, b, a, u, d, ,, , I, n, c, ., ,, S, y, s, t, e, m, s, :, , S, e, l, f, -, h, o, s, t, e, d, , p, r, i, v, a, t, e, , c, l, o, u, d, , e, n, v, i, r, o, n, m, e, n, t, ,, C, o, m, p, a, n, y, :, , B, e, n, c, h, m, a, r, k, , E, l, e, c, t, r, o, n, i, c, s, ,, S, y, s, t, e, m, s, :, , C, u, s, t, o, m, e, r, , a, n, d, , e, m, p, l, o, y, e, e, , a, c, c, e, s, s, , s, y, s, t, e, m, s, ,, C, o, m, p, a, n, y, :, , F, a, n, e, u, i, l, ,, S, y, s, t, e, m, s, :, , I, n, f, o, r, m, a, t, i, o, n, , t, e, c, h, n, o, l, o, g, y, , s, y, s, t, e, m, s, ,, .

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was company: radiant logistics, assistance: forensic experts, it professionals, company: faneuil, assistance: legal counsel, leading cybersecurity firms, .

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Efforts to contain the attack, Company: Faneuil, Measures: Systems containment; remediation, Company: Radiant Logistics, Measures: Systems taken offline and .

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Company: Blackbaud, Inc., , 15 million payment cards, Data: Customer and employee data extracted from servers, , Company: Radiant Logistics, , Data: Subset of data from self-hosted private cloud (customer/employee data) and .

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 15.0M.

Highest Ransom Paid: The highest ransom paid in a ransomware incident was [{'company': 'JBS', 'amount': '$11 million'}, {'company': 'Colonial Pipeline', 'amount': '$4.43 million ($2.3 million recovered)'}, {'company': 'ExaGrid', 'amount': '$2.6 million'}, {'company': 'Blackbaud, Inc.', 'amount': 'Undisclosed (ransom paid)'}].

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was company: Blackbaud, Inc., actions: 570 customer claims; lawsuits proceeding (July 2021), .

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Data exfiltration is a common tactic alongside encryption in ransomware attacks.

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Comply with SEC reporting requirements for material cyber incidents (within 4 days, per proposed rules)., Maintain offline backups to enable recovery without paying ransom., Monitor dark web for signs of stolen data being sold or leaked., Implement multifactor authentication (MFA) and other delayed security projects proactively., Review cyber insurance coverage to ensure adequate protection against ransomware losses. and Engage third-party forensic and legal experts early in incident response..

Most Recent Source: The most recent source of information about an incident are U.S. Department of Justice (DOJ) Press Release on Colonial Pipeline Ransom Recovery, U.S. Securities and Exchange Commission (SEC) 8-K Filings and CSO Online.

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.sec.gov/edgar/searchedgar/companysearch.html .

Current Status of Most Recent Investigation: The current status of the most recent investigation is [{'company': 'Blackbaud, Inc.', 'status': 'Ongoing lawsuits (as of February 2022)'}, {'company': 'Sinclair Broadcast Group', 'status': 'Recovery ongoing; financial impact still fluid (as of reporting date)'}, {'companies': ['WestRock Company', 'Radiant Logistics', 'Mineral Technologies', 'Benchmark Electronics', 'Faneuil'], 'status': 'Incident closed; financial reporting completed'}].

Most Recent Customer Advisory: The most recent customer advisory issued were an company: Radiant Logistics, details: Proactively engaging affected customers/employees, company: Blackbaud, Inc., details: Notified customers of data breach; offered reimbursement for claims and .