-
Frequency
2,561 incidents, 378 with confirmed data disclosure
Top patterns
System Intrusion, Basic Web Application Attacks, and Miscellaneous Errors represent 81% of breaches
Threat actors
External (76%), Internal (24%) (breaches)
Actor motives
Financial (78%), Espionage (20%), Ideology (1%), Grudge (1%) (breaches)
Data compromised
Personal (66%), Other (35%), Credentials (27%), Internal (17%) (breaches)
Top IG1 protective controls
Security Awareness and Skills Training (CSC 14), Secure Configuration of Enterprise Assets and Software (CSC 4), Access Control Management (CSC 6)
What is the same?
Surprisingly, over the last five years Social breaches have remained roughly the same. This may be because Social breaches are targeting customers resulting in Hacking breaches (which have also stayed pretty level) to the company due to stolen credentials.
Summary
System Intrusion moves ahead of Errors and Basic Web Application Attacks to claim the top spot this year in breaches, meanwhile DDoS maintains its top position in incidents. Malware has seen a noticeable rise over the past two years, while Errors appear to be on the down swing since their rise five years ago.
Information
NAICS 51
- 2022 DBIR
- Master Guide
- Introduction
- Summary of Findings
- Results and Analysis Intro
- Results and Analysis - Intro to Patterns
- Results and Analysis - Not the Human Element
- Results and Analysis - Basic Web Application Attacks
- Industries
- Intro to Industries
- Accommodation and Food Services Data Breaches
- Arts and Entertainment Data Breaches
- Data Breaches in Education
- Financial Services Data Security Breaches
- Healthcare Data Breaches
- Information Industry Data Breaches
- Data Breaches in Manufacturing Industries
- Data Breaches in Energy & Utilities Industries
- Professional Services Data Breaches
- Public Administration Data Breaches
- Retail Data Breaches and Security
- Small Business Data Breach Statistics
- Intro to Regions
- Wrap Up
- Appendices
- Corrections
- Download the full report (PDF)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
Thank You.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
-
Patterns
5-Year difference
3-Year difference
Basic Web Application Attacks
No change
No change
Miscellaneous Errors
Greater
Less
System Intrusion
Greater
Greater
-
Pattern
Difference with peers
System Intrusion
No change
Basic Web Application Attacks
Greater
Miscellaneous Errors
Greater
-
Last year, not unlike your boss at your last performance review, we highlighted the Errors in the Information industry. However, as we can see in Figure 88, there has been clear progress that we can put on the mid-year review. Errors have experienced a decline since their upswing half a decade ago in 2017.
-
To maintain the balance however, malware has seen a measurable increase over the last two years. That is reflected in Figure bbf55dbd. System Intrusion has jumped to the top in this vertical, even rising above Basic Web Application Attacks.
One interesting effect of having System Intrusion in the number one position is that the Information industry contains a smorgasbord of Action varieties. Use of stolen creds is the most common, but after that, a legion of varieties are present, with Ransomware, Misconfiguration, Backdoor or C2, and Export Data appearing in more than 4% of breaches. In fact, Information is tied for 2nd place in industries by the number of varieties above 4% at 17 different action varieties.
Figure 90 illustrates the top incidents, dominated by DDoS attacks and System Intrusions (which are driven by Ransomware). Please be sure not to forget about DDoS–while it is relatively easy to mitigate, it has certainly not gone away.
Finally, Figure 91 provides a look into something else that’s easy to forget: botnets. The information industry takes the top spot in botnets for the second year running. Botnet breaches are often masked at the victim organization because they only see the malicious login, and not that the bot also stole the credentials.
Let's get started.
Choose your country to view contact details.
- Select Country...
- United States
- Argentina
- Australia
- Austria
- Belgium
- Brazil
- Canada
- Chile
- China
- Colombia
- Costa Rica
- Denmark
- Finland
- France
- Germany
- Hong Kong
- India
- Ireland
- Italy
- Japan
- Korea
- Luxembourg
- Mexico
- Netherlands
- New Zealand
- Norway
- Panama
- Portugal
- Singapore
- Spain
- Sweden
- Switzerland
- Taiwan
- United Kingdom
- United States
- Venezuela
-
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.