Municipal leaders, utility personnel, and even one retired city auditor were eager to learn which cyber threats are targeting local governments, and more importantly how to address them because, as one panelist emphasized: "Nowadays, you will eventually be hit."
Massachusetts state officials and technology specialists gathered to discuss the findings of a new study that examined all the breaches in 2024 against MA residents and found some troubling security gaps persist. Those same gaps, weak passwords and insufficient patch management, affect businesses nationwide. The threat vectors also echoed what vendor reports, like Verizon Business' Data Breach Investigations Report, have been saying for years: System intrusions and internet-facing vulnerabilities are how attackers gain access.
MassCyberCenter, a state cyber security resource, hosted its sixth annual Massachusetts Municipal Cybersecurity Summit featuring a panel with its director, John Petrozzeli; Layla D'Emilia, undersecretary of the Office of Consumer Affairs and Business Regulation (OCABR); and Jared Rinehimer, division chief of privacy and responsible technology for the Office of the Attorney General. The panelists, moderated by Dave Balcar, cyber evangelist at NeXasure, discussed findings from a joint report from OCABR and the MassCyberCenter, "Examining the Impact of Data Breaches in Massachusetts."
For starters, while a peek into Massachusetts breaches helps defenders, the numbers are likely skewed. Underreporting is an issue the panelists highlighted at length while discussing the 2024 report as well as 2026 challenges.
Underreporting is more prevalent among private companies, revealed Balcar. Financial services, healthcare, and banking represented the top industries affected by breaches.
Balcar kicked off the panel with one critical question: What's keeping people from reporting? Following a breach, it does take time for organizations to figure out exactly what happened, and what was breached, explained D'Emilia. But transparency is also key so that consumers are in the know – a point she reiterated throughout the session.
The U.S. has no federal law mandating reporting of cyber breaches. States including Massachusetts, California and New York have passed consumer data protection and privacy legislation, so regulations vary.
The Massachusetts Office of the Attorney General requires organizations to "provide notice, as soon as practicable and without unreasonable delay" following a data breach. Filings must include the nature of the breach, whether it involved unauthorized access, the number of affected residents, type of compromised information, confirmation of a written security program, and all the steps the agency has taken related to the incident.