Thank you.

You will soon receive an email with a link to confirm your access. When you click to confirm from your email, your document will be available for download.

If you do not receive an email within 2 hours, please check your spam folder.

Thank you.

You may now close this message and continue to your article.

  • Greetings! Welcome to the 2021 Data Breach Investigations Report (DBIR)! We always appreciate you, our readers, but this year we would like to say thank you for just showing up. Thanks for simply making it through the often frightening and always unpredictable dystopian wasteland that was 2020, and still having enough interest and energy to care about making the world a safer place. By the time you read this, it is devoutly to be hoped that we have moved on to a place of relative safety, somewhere beyond Thunderdome if you will.

    Recent events around the world have been deemed by many to be sufficient cause to re-evaluate their priorities. In similar fashion, we have stepped back and taken another look at what we have been doing over the past few years. This exercise led to a revamp of our patterns, the creation of some shiny new ones and the recalibration of some others. It is our hope that doing this will increase awareness of where possible dangers lie, and how organizations may best avoid them. Perhaps we should say “probable dangers,” since one lesson from 2020 is that many more things are possible than we might imagine. What is impossible is to accurately predict what those things might be. Therefore, we will not meddle with words like “possible,” but will confine ourselves to what is “probable.”

    This year we analyzed 79,635 incidents, of which 29,207 met our quality standards and 5,258 were confirmed data breaches, sampled from 88 countries around the world. Once again, we include breakouts for 11 of the main industries, the SMB section, and we revisit the various geographic regions studied in the prior report to see how they fared over the last year. We also include our Center for Internet Security (CIS) control recommendation mapping, because the world being unpredictable and uncertain doesn’t mean your security strategy has to be.

    As always, we wish to humbly say thank you to our 83 contributors, both old and new. This report would not be possible without you and we are always grateful for your continued support. Likewise, we thank you again, our readers, for continuing to share this journey with us.

    The DBIR Team

    Gabriel Bassett
    C. David Hylender
    Philippe Langlois
    Alexandre Pinto
    Suzanne Widup

Let's get started.