By far the biggest threat in this industry is the social engineer. Actors who can craft a credible phishing email are absconding with Credentials at an alarming rate in this sector.
3,236 incidents, 885 with confirmed data disclosure
Social Engineering, Miscellaneous Errors, and System Intrusion represent 92% of breaches
External (83%), Internal (17%) (breaches)
Financial (96%), Espionage (4%) (breaches)
Credentials (80%), Personal (18%), Other (6%), Medical (4%) (breaches)
Top IG1 Protective Controls: Security Awareness and Skills Training (14), Access Control Management (6), Account Management (5)
The Social Engineering pattern was responsible for over 69% of breaches in this vertical (Figure 116). Clearly, this industry is a favorite honey hole among the phishing fiends. The Social actions were almost exclusively Phishing with email as the vector (Figure 117). Pretexting was rarely leveraged at all, and why should they go to all the work of inventing a scenario when a straight-up phish gets the job done?
The Miscellaneous Errors pattern was a far distant second and consisted of Misconfiguration (although not usually found by security researchers—which was a surprise, as that is the most common pairing) and Misdelivery (Figure 118). Certainly, government entities are responsible for a lot of mass mailings, and paper documents were the second most common assets that were delivered to the wrong recipient, with good old-fashioned emails taking first place.
The System Intrusion pattern rounds out our top three and is a combination of Hacking and Malware actions. We found the Use of stolen credentials, followed by dropping Malware with either C2 or ransomware capabilities, to be the most common story in this pattern.
The most frequently stolen data type is Credentials, which are then used to further the attacker’s presence in the victim’s network and systems (Figure 119). After Credentials, Personal information is the top data type compromised where breaches were confirmed in this sector.