Welcome to the 15th annual Verizon Data Breach Investigations Report! It is truly hard to believe that it has been 15 years since our inaugural installment of this document. Were we to indulge our imaginations with anthropomorphic comparisons, we might find this report having its braces removed, finally being able to get a driver’s permit, overusing sarcasm, perhaps becoming a bit goth and generally being unappreciative. But we won’t bother with all that. We will simply say THANK YOU! Thank you to our contributors for your continued willingness to share your data, insight and vast experience in a selfless effort to improve this industry. A huge thank you to our readers for sticking with us through this long and epic journey, for being the reason we work so hard to produce this report, and most of all, for keeping us from having to get real jobs.
The past few years have been overwhelming for all of us. Just when we think we have reached the uttermost limit of our ability to be surprised, the world throws us yet another curve ball. Honestly, at this point, we here on the team would not so much as blink if Sasquatch were elected Governor, if Area 51 opened a bed and breakfast, or if ransomware increased yet again. Spoiler alert–one of those things did, in fact, happen. (Congrats, Squatch! You deserve it.)
The past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cybercrime. From very well publicized critical infrastructure attacks to massive supply chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months. As always, we will examine what our data has to tell us about these and the other common action types used against enterprises. Also, in honor of the 15th edition of the DBIR, we will occasionally refer back to comments, charts, and figures from previous editions of this report to see how far we, as an industry, have come, and how the threat landscape and the techniques threat actors utilize have changed. This year the DBIR team analyzed 23,896 security incidents, of which, 5,212 were confirmed data breaches.
With that in mind, let’s revisit the Introduction to the 2018 DBIR:
“The DBIR was created to provide a place for security practitioners to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime. That need to know what is happening and what we can do to protect ourselves is why the DBIR remains relevant over a decade later. We hope that as in years past, you will be able to use this report and the information it contains to increase your awareness of what tactics attackers are likely to use against organizations in your industry, as a tool to encourage executives to support much-needed security initiatives, and as a way to illustrate to employees the importance of security and how they can help.”
From that perspective, we are proud to say that nothing has changed, and we hope you both enjoy the report and find the information it contains useful. Thanks again, for everything.
The DBIR Team
Gabriel Bassett, C. David Hylender, Philippe Langlois, Alex Pinto, Suzanne Widup
Special thanks to Dave Kennedy of the Verizon Threat Research Advisory Center (VTRAC) for his continued support and yearly contribution to this report, and to the Verizon Sheriff Team for their invaluable assistance.
- 2022 DBIR
- Master Guide
- Summary of Findings
- Results and Analysis Intro
- Results and Analysis - Intro to Patterns
- Results and Analysis - Not the Human Element
- Results and Analysis - Basic Web Application Attacks
- Intro to Industries
- Accommodation and Food Services Data Breaches
- Arts and Entertainment Data Breaches
- Data Breaches in Education
- Financial Services Data Security Breaches
- Healthcare Data Breaches
- Information Industry Data Breaches
- Data Breaches in Manufacturing Industries
- Data Breaches in Energy & Utilities Industries
- Professional Services Data Breaches
- Public Administration Data Breaches
- Retail Data Breaches and Security
- Small Business Data Breach Statistics
- Intro to Regions
- Wrap Up
- Download the full report (PDF)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
You will soon receive an email with a link to confirm your access, or follow the link below.
You may now close this message and continue to your article.
Let's get started.
Choose your country to view contact details.
- Select Country...
- Costa Rica
- Hong Kong
- New Zealand
- United Kingdom
- United States
Call for Sales.
Or we'll call you.