The business of malware has become operationalized such that a majority of instances are to generate revenue for the attacker(s) via ransomware, harvesting credentials, exfiltrate data, and other data. To gain access to the items of value, the attackers have to compromise the system in some form.

These breaches have an immediate impact on the affected party. The entity may need to forward the usual notification based on the number of records or other attributes of the breach. With these, the type of data affected must also be taken into consideration.