-
This year we looked at 29,207 incidents, which boiled down to 5,258 confirmed data breaches (Table 8468227d). Once again, we break these incidents and breaches into their respective industries to illustrate that all industries are not created equal in terms of attack surfaces and threats. The kind of attacks suffered by a particular industry will have a lot to do with what kinds of infrastructure they rely on, what kind of data they handle, and how people (customers, employees, and everyone else) interact with them.
A large organization whose business model focuses entirely on mobile devices, where customers use an app on their phone, will have different risks than a small mom and pop shop with no internet presence, but who uses a Point of Sale vendor to manage their systems for them. The infrastructure, and conversely the attack surface, largely drives the risk.
While keeping that in mind, we caution our readers not to make inferences about the security posture (or lack thereof) of a particular sector based on how many breaches or incidents that industry reports. These numbers are heavily influenced by several factors, including data breach reporting laws and partner visibility. Because of this, some of the industries have very low numbers, and as with any small sample, we must caution you that our confidence in any statistics derived from that small number must also be less.
As in past years, we have broken down the breaches and incidents by industry in a heat map that categorizes the data into Patterns, Actions and Assets (Figures 95 and 96 respectively). These figures help to answer the “so what?” question in our data, and are useful as indications of what the attack patterns an organization is most likely to encounter, given their industry. This, paired with the CIS Controls in each industry section, can be a guide for determining how best to mitigate risk.
Introduction to industries
- 2021 DBIR
- DBIR Master's Guide
- Results and Analysis
- Incident Classification Patterns
- Data Breach Statistics By Industry
- Accommodation Food Services
- Entertainment Data Breaches
- Educational Services Data Breaches
- Financial Services Data Breaches
- Healthcare Data Breaches Security
- Information Industry Data Breaches
- Manufacturing Data Breaches
- Energy Utilities Data Breaches
- Professional Technical Scientific Services
- Public Administration Data Breaches
- Retail Data Breaches Security
- SMB Data Breaches Deep Dive
- Introduction by Regions
- Year in Review 2021
- Appendices
- 2021 DBIR Corrections
- Download the full report (PDF)
Thank You.
Thank you.
You will soon receive an email with a link to confirm your access. When you click to confirm from your email, your document will be available for download.
If you do not receive an email within 2 hours, please check your spam folder.
Thank you.
You may now close this message and continue to your article.
-
Incidents Total Small
(1-1,000)Large
(1,000+)Unknown Breaches Total Small
(1-1,000)Large
(1,000+)Unknown Total 29,207 1,037 819 27,351 5,258 263 307 4,688 Accommodation (72) 69 4 7 58 40 4 7 29 Administrative (56) 353 8 10 335 19 6 7 6 Agriculture (11) 31 1 0 30 16 1 0 15 Construction (23) 57 3 3 51 30 3 2 25 Education (61) 1,332 22 19 1,291 344 17 13 314 Entertainment (71) 7,065 6 1 7,058 109 6 1 102 Finance (52) 721 32 34 655 467 26 14 427 Healthcare (62) 655 45 31 579 472 32 19 421 Information (51) 2,935 44 27 2,864 381 35 21 325 Management (55) 8 0 0 8 1 0 0 1 Manufacturing (31-33) 585 20 35 530 270 13 27 230 Mining (21) 498 3 5 490 335 2 3 330 Other Services (81) 194 3 2 189 67 3 0 64 Professional (54) 1,892 793 516 583 630 76 121 433 Public (92) 3,236 22 65 3,149 885 13 30 842 Real Estate (53) 100 5 3 92 44 5 3 36 Retail (44-45) 725 12 27 686 165 10 19 136 Wholesale Trade (42) 80 4 10 66 28 4 7 17 Transportation (48-49) 212 4 17 191 67 3 8 56 Utilities (22) 48 1 2 45 20 1 2 17 Unknown 8,411 5 5 8,401 868 3 3 862 Total 29,207 1,037 819 27,351 5,258 263 307 4,688 Table 4. - Number of security incidents and breaches by victim industry and organization size
-
When discussing the industries with a small sample, we will provide ranges within which the actual value may reside. This allows us to maintain our confidence interval while still providing you with an idea of what the actual number might be, had we been given a large enough sample. For example, instead of saying “In the Accommodation industry, 92% of attacks were Financially motivated,” we show that Financially motivated attacks ranged between 86 and 100%. Check out our riveting Methodology section for more information about the statistical confidence background used throughout this report.
Check out our riveting Methodology section for more information about the statistical confidence background used throughout this report.
-
It is worth noting that some of the industry sections this year may look smaller than usual. This is because we did not want to steal the thunder from the deep-dive analysis we did on the new Patterns. If you are just here for a glimpse of your industry,73 our recommendation is to verify what the Top Patterns are in the At-a-Glance table accompanying each industry and then spend some time with those pattern sections.
We also provide a description of which CIS Controls® from Implementation Group 1 (IG1) to prioritize in each industry section for ease of reading in case you want to get straight to strategizing your security moves.
-
73 We can’t blame you. Sometimes we eat the dessert first, too.
Let's get started.
Choose your country to view contact details.
- Select Country...
- United States
- Argentina
- Australia
- Austria
- Belgium
- Brazil
- Canada
- Chile
- China
- Colombia
- Costa Rica
- Denmark
- Finland
- France
- Germany
- Hong Kong
- India
- Ireland
- Italy
- Japan
- Korea
- Luxembourg
- Mexico
- Netherlands
- New Zealand
- Norway
- Panama
- Portugal
- Singapore
- Spain
- Sweden
- Switzerland
- Taiwan
- United Kingdom
- United States
- Venezuela
-
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.