The number of cyberattacks on corporate America continues to increase at a steady rate, with many of them beginning with a “phishing” email that tricks employees into sending network access information, such as a password, to the attacker, according to a new report.

The study, the fifth annual Data Security Incident Response Report from Baker & Hostetler, discusses insights gained from the more than 750 incidents the law firm worked on in 2018. The report shows that the number of incidents investigated grew steadily each year from 200 in 2014 to 750 last year.