-
Frequency
3,566 incidents, 681 with confirmed data disclosure
Top patterns
System Intrusion, Basic Web Application Attacks, and Social Engineering represent 89% of breaches
Threat actors
External (84%), Internal (17%), Multiple (1%) (breaches)
Actor motives
Financial (90%), Espionage (10%) (breaches)
Data compromised
Credentials (56%), Personal (48%), Other (26%), Internal (14%) (breaches)
Top IG1 protective controls
Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)
What is the same?
The top three attack patterns remain System Intrusion, Basic Web Application Attacks and Social Engineering, but they have changed order compared to last year’s report.
Summary
Denial of Service attacks are a serious problem in this industry, and while they rarely result in a data breach, they can still have significant impact. The System Intrusion attack pattern is the first position again this year, while Social attacks are less prominent, but still in the top three.
Professional, Scientific and Technical Services
NAICS 54
- 2022 DBIR
- Master Guide
- Introduction
- Summary of Findings
- Results and Analysis Intro
- Results and Analysis - Intro to Patterns
- Results and Analysis - Not the Human Element
- Results and Analysis - Basic Web Application Attacks
- Industries
- Intro to Industries
- Accommodation and Food Services Data Breaches
- Arts and Entertainment Data Breaches
- Data Breaches in Education
- Financial Services Data Security Breaches
- Healthcare Data Breaches
- Information Industry Data Breaches
- Data Breaches in Manufacturing Industries
- Data Breaches in Energy & Utilities Industries
- Professional Services Data Breaches
- Public Administration Data Breaches
- Retail Data Breaches and Security
- Small Business Data Breach Statistics
- Intro to Regions
- Wrap Up
- Appendices
- Corrections
- Download the full report (PDF)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
Thank You.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
-
Patterns
5-Year difference
3-Year difference
Basic Web Application Attacks
No change
No change
Social Engineering
Less
Less
System Intrusion
Greater
Greater
-
Pattern
Difference with peers
System Intrusion
Greater
Basic Web Application Attacks
No change
Social Engineering
No change
-
Services denied
As a NAICS code with the name of Professional, Scientific and Technical Services might imply, this sector relies on their internet presence to provide their highly skilled offerings to their customers. This means that when they are hit with a DoS attack, particularly the higher volume distributed varieties, they definitely feel the impact. This past year has been a hard one for this sector, with the DoS attacks accounting for almost half of the incidents recorded. And even though this type of attack rarely leads to a reportable data breach, it can still do significant damage to the victim.
The devil you know
Moving to breaches, the System Intrusion pattern remained at the top of our pyramid, while Basic Web Application Attacks and Social Engineering switched places. So, the same players remain on the field, they are simply playing different positions.
The perpetrators of these top three attack patterns tend to be External. The internal actor breaches were down this year by comparison to last year’s report. Surprisingly we saw a small uptick in the multiple actor breaches in this sector this year. These are when an external actor recruits an internal or partner actor to help them out with the breach activities. Sometimes they are paid for their troubles, and sometimes it is a more subtle form of influence by an acquaintance or significant other exerting pressure on the person with the access to data. Either way, the result is a breach that can be more difficult to detect, since it is someone on the inside facilitating the access under the guise of conducting their regular duties.
-
Days gone by
Looking back over the years in this sector, the Miscellaneous Errors pattern was in the top three. However, as Figure 99 shows, in 2019, the System Intrusion pattern began its meteoric rise to the top, eventually far surpassing Errors. This sector mirrors the overall dataset in terms of the top attack patterns. The top three here are the top three patterns in the full dataset, so clearly, these patterns are holding sway in a number of business categories.
Let's get started.
Choose your country to view contact details.
- Select Country...
- United States
- Argentina
- Australia
- Austria
- Belgium
- Brazil
- Canada
- Chile
- China
- Colombia
- Costa Rica
- Denmark
- Finland
- France
- Germany
- Hong Kong
- India
- Ireland
- Italy
- Japan
- Korea
- Luxembourg
- Mexico
- Netherlands
- New Zealand
- Norway
- Panama
- Portugal
- Singapore
- Spain
- Sweden
- Switzerland
- Taiwan
- United Kingdom
- United States
- Venezuela
-
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.