BakerHostetler has released its 12th annual Data Security Incident Response (DSIR) Report, which examines the cybersecurity breach landscape in 2025. Produced by the law firm’s Digital Assets and Data Management Practice Group, the report analyses more than 1,250 data security incidents.
The 2026 DSIR Report reviews key metrics, including timelines for network intrusion response and ransomware trends. It reports that average ransomware demands have risen to $4.2 million, alongside increasing settlement amounts, highlighting financial impacts on affected organisations.
The report also notes an increase in class actions, which now appear in 14% of security breaches, up from 9% the previous year. Large enterprises are identified as facing litigation risk even in cases involving minimal notification.
Phishing remains the most common cause of incidents, followed by unpatched vulnerabilities. Regulatory challenges are reported across multiple sectors, with health care most affected, followed by finance and insurance.
Improvements in forensic investigation processes are associated with reduced notification times, although costs have increased, particularly for larger investigations.
Vendor-related vulnerabilities are reported in around a quarter of incidents, indicating ongoing risks associated with third-party relationships. Artificial intelligence is also identified as an emerging factor, associated with faster attack execution and increased legislative activity across U.S. states.
The report presents these findings as part of an overview of current cybersecurity risks and incident response trends.
