Introduction to industries

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Thank you.

Thank you.

You may now close this message and continue to your article.

  • This year we looked at 29,207 incidents, which boiled down to 5,258 confirmed data breaches (Table 8468227d). Once again, we break these incidents and breaches into their respective industries to illustrate that all industries are not created equal in terms of attack surfaces and threats. The kind of attacks suffered by a particular industry will have a lot to do with what kinds of infrastructure they rely on, what kind of data they handle, and how people (customers, employees, and everyone else) interact with them.

    A large organization whose business model focuses entirely on mobile devices, where customers use an app on their phone, will have different risks than a small mom and pop shop with no internet presence, but who uses a Point of Sale vendor to manage their systems for them. The infrastructure, and conversely the attack surface, largely drives the risk.

    While keeping that in mind, we caution our readers not to make inferences about the security posture (or lack thereof) of a particular sector based on how many breaches or incidents that industry reports. These numbers are heavily influenced by several factors, including data breach reporting laws and partner visibility. Because of this, some of the industries have very low numbers, and as with any small sample, we must caution you that our confidence in any statistics derived from that small number must also be less.

    As in past years, we have broken down the breaches and incidents by industry in a heat map that categorizes the data into Patterns, Actions and Assets (Figures 95 and 96 respectively). These figures help to answer the “so what?” question in our data, and are useful as indications of what the attack patterns an organization is most likely to encounter, given their industry. This, paired with the CIS Controls in each industry section, can be a guide for determining how best to mitigate risk.

  • Incidents Total Small
    (1-1,000)
    Large
    (1,000+)
    Unknown Breaches Total Small
    (1-1,000)
    Large
    (1,000+)
    Unknown
    Total 29,207 1,037 819 27,351   5,258 263 307 4,688
    Accommodation (72) 69 4 7 58   40 4 7 29
    Administrative (56) 353 8 10 335   19 6 7 6
    Agriculture (11) 31 1 0 30   16 1 0 15
    Construction (23) 57 3 3 51   30 3 2 25
    Education (61) 1,332 22 19 1,291   344 17 13 314
    Entertainment (71) 7,065 6 1 7,058   109 6 1 102
    Finance (52) 721 32 34 655   467 26 14 427
    Healthcare (62) 655 45 31 579   472 32 19 421
    Information (51) 2,935 44 27 2,864   381 35 21 325
    Management (55) 8 0 0 8   1 0 0 1
    Manufacturing (31-33) 585 20 35 530   270 13 27 230
    Mining (21) 498 3 5 490   335 2 3 330
    Other Services (81) 194 3 2 189   67 3 0 64
    Professional (54) 1,892 793 516 583   630 76 121 433
    Public (92) 3,236 22 65 3,149   885 13 30 842
    Real Estate (53) 100 5 3 92   44 5 3 36
    Retail (44-45) 725 12 27 686   165 10 19 136
    Wholesale Trade (42) 80 4 10 66   28 4 7 17
    Transportation (48-49) 212 4 17 191   67 3 8 56
    Utilities (22) 48 1 2 45   20 1 2 17
    Unknown 8,411 5 5 8,401   868 3 3 862
    Total 29,207 1,037 819 27,351   5,258 263 307 4,688

    Table 4. - Number of security incidents and breaches by victim industry and organization size

  •  

    When discussing the industries with a small sample, we will provide ranges within which the actual value may reside. This allows us to maintain our confidence interval while still providing you with an idea of what the actual number might be, had we been given a large enough sample. For example, instead of saying “In the Accommodation industry, 92% of attacks were Financially motivated,” we show that Financially motivated attacks ranged between 86 and 100%. Check out our riveting Methodology section for more information about the statistical confidence background used throughout this report.

  • Check out our riveting Methodology section for more information about the statistical confidence background used throughout this report.

  • It is worth noting that some of the industry sections this year may look smaller than usual. This is because we did not want to steal the thunder from the deep-dive analysis we did on the new Patterns. If you are just here for a glimpse of your industry,73 our recommendation is to verify what the Top Patterns are in the At-a-Glance table accompanying each industry and then spend some time with those pattern sections.

  • We also provide a description of which CIS Controls® from Implementation Group 1 (IG1) to prioritize in each industry section for ease of reading in case you want to get straight to strategizing your security moves.

  • 73 We can’t blame you. Sometimes we eat the dessert first, too.

Let's get started.