Public Sector cyber security threats on the rise according to Verizon’s 2023 DBIR

Author: Phil Muncaster

The 2023 Data Breach Investigations Report (DBIR)1 is Verizon's annual breach activity assessment, detailing breach event statistics in conjunction with 80+ industry leading cyber security partners. The 2023 DBIR Public Sector Snapshot2 highlights the need for government agencies to leverage more robust services to help increase security protection and better manage assets.  As the Government Accountability Office (GAO) reports, risks to government IT systems are increasing. Both Federal and State and Local government agencies are highly vulnerable to breach especially through third party software and internet-enabled devices.  Public sector cyber security can be greatly enhanced through partnering with cyber security leaders that can deliver managed and professional security services, as well as private and secure network connections.

The 2023 DBIR reveals that 20% of incidents and 11% of breaches analyzed this year were linked to the Public Administration sector, the most of any industry. In contrast, in the 2022 DBIR, the public sector recorded the second-highest number of incidents at 12% and came in third for total number of breaches at 10%.  The public sector is mandated to report breaches.

So, the key questions of government cyber security are: What, according to industry experts, is driving these trends? And how can your organization take measures to protect itself from public sector cyber security threats?

What are the main government cyber security threat trends?

As always, there are plenty of insights to consider from the latest DBIR, which is based on an analysis of 3,270 cyber incidents and 582 confirmed breaches in the public sector. Most notable are the following:

The human element

The 2023 DBIR reports 83% of breaches involved external actors, and the primary motivation for attacks continues to be overwhelmingly financially driven, at 95% of breaches. 

Financial incentives may also be a factor here as over two-thirds (68%) of government breaches are financially motivated, according to the DBIR.


The government is the major target for Espionage attacks—while across all industries just 3% of threat actors were motivated by espionage, yet in the public sector cyber security space it's 10 times that figure. This is also up significantly from 18% in the 2022 report, indicating that cyber espionage may be becoming a more acute threat.

As the DBIR notes, Russia's invasion of Ukraine was expected to be a factor in increased State-sponsored attacks, including Espionage. Russian state operatives carried out network penetration and espionage against 128 organizations in 42 countries allied with Ukraine, prioritizing government entities among NATO members. The U.S. was their number one target, alongside Baltic nations and Poland.


The DBIR also reveals a concerning uptick in breaches resulting not from external actors only, but rather by collusion involving internal (30%) and "multiple" (16%) sources.2 The latter refers to third-party actors (typically external actors) working with government partners or employees to achieve their strategic goals. It's particularly worrying considering the share of internal threat actors rose from 2% last year, while multiple actor threats stood at zero over the past two years of the DBIR.

Although misuse (internal malicious activity) peaked as an "Action category" in 2019, public sector cyber security teams must be alert to the possibility of disaffected colleagues colluding with threat actors. The key is to catch such plans early on.

Malware and ransomware

The system Intrusion category refers to "complex attacks that leverage malware and/or hacking to achieve their objectives, including deploying ransomware," according to the 2023 DBIR. Such attacks are a pronounced threat to public sector cyber security, in fact, system Intrusion was present in 300 out of 582 confirmed public administration breaches.

Malware and ransomware, which can exist in systems for several months or longer before being identified, have remained a steady threat and should continue to be a major focus for your organization.

The persistent human threat

Alongside deliberately malicious insiders, there remains a heightened risk from those who succumb due to poor security training or negligence. Of the 3,270 Public Administration DBIR incidents:

  • 2,076 user devices were the asset impacted.
  • 1,999 Lost and Stolen Assets were involved.
  • Error was involved in 2,069.

Solutions to help improve cyber security

Seek out a solutions provider with a range of service offerings that can empower your government cyber security team to mitigate the threats listed above, and many others.

Secure Service Access Service Edge (SASE) Management provides change management, incident management and health monitoring on specific cloud security service instances. A service instance for SASE Management is the unique cloud security tenant that is managed by Verizon. Integrated support will be provided across the customer’s cloud security instances and Verizon-managed Software Defined WAN (SD WAN) which are connected to their cloud security instances.

Secure Cloud Fabric helps provide secure, private multi-cloud connectivity through software-defined circuits. With a secure cloud fabric, government agencies can create a non-bifurcated infrastructure that allows for a secure, private connection between their different cloud environments, regardless of whether they are hosted on public or private clouds. This means that data can be transferred between different cloud environments without having to go through the public internet which is vulnerable to bad actors. This also supports private government agency-to-government agency communication. 

Mobile Device Security and Endpoint protection solutions can help protect your organization against bad actors. With the increase in remote work and remote access, government agencies need a variety of customizable and scalable solutions to help secure endpoints.

Endpoint Security can help you safeguard servers and endpoints, such as laptops, desktops and mobile devices, from today’s growing and ever-changing threats.

Cyber Risk Programs is a customizable, continuous, objective, risk assessment and management program designed to help measure the effectiveness of cyber risk controls. It helps identify risks that potentially threaten the organization, assets and brand reputation.

Verizon's Advanced Security Operations Center (SOC) solutions can be customizable cyber security event-monitoring solutions, designed for agencies looking to help enhance their SIEM and related security investments with a monitoring and analytics ecosystem customized to their specifications and requirements. These SOC-based solutions provide a hybrid operating model leveraging a dedicated team of highly skilled security analysts working in a dedicated environment. These analysts monitor and analyze security events for the customer, providing alerts based on an agreed service level through an appropriate interface, agreed with the client. Verizon's Security Operations Center (SOC) managed services are offered in two varieties:

  • Advanced Security Operations Center (Advanced SOC) utilizes agencies’ existing cyber security tools and processes to help provide highly customized 24x7x365 threat monitoring, detection, and response services to help address advanced attacks. With this solution, you get curated daily threat intelligence feeds, as well as access to our highly-skilled team of security analysts, to help monitor your environment and alert you to potential cyber threats to your agency. Ultimately, this customized SOC service helps improve an agency’s ability to better mitigate cyber risk and helps to enable internal teams to focus on potentially higher-value tasks.
  • Managed Security Information and Event Management (Managed SIEM) is a cyber security event-monitoring service built for agencies that want to add monitoring to their  SIEM toolkit. Managed SIEM allows them to take the monitoring and analytics information gathered on their SIEM into the Verizon SOC or Unified Security Portal so that Verizon’s team of highly skilled security analysts can help monitor their specific events and send timely alerts to them. With the Managed SIEM service, agencies can enhance their response , incident management, security intelligence and reporting.

Threat intelligence, automation, and better endpoint security for mobile devices can be enhanced through partnering with cyber security leaders that can deliver managed and professional security services, as well as private and secure network connections. Help identify security risks and threats before they can potentially seriously harm your organization with a public sector security assessment.  

To find out more about the threat landscape in the public sector space, whether you're managing federal, state or local government cyber security, check out the latest Verizon DBIR.

The author of this content is a paid contributor for Verizon.

1 Verizon, 2023 Data Breach Investigations Report

2 Verizon, 2023 Data Breach Investigations Report: Public Sector Snapshot