Industries: Introduction

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

If you are a new reader, you may find this introduction of some use. If, on the other hand, you are a long-time reader then just move along, this will all be familiar territory. The 2023 DBIR examined 16,312 incidents, of which 5,199 were confirmed data breaches. We take a look at both from the point of view of their respective industries in the upcoming sections. Attacks that consistently prey on one industry may not affect another industry at all. Attack surfaces, the interest of specific threat actors and the infrastructure a given industry relies upon all play a big role in how they experience security incidents. The types and quantity of data the industry handles, how people (customers, employees, etc.) interact with them, and a host of other factors too numerous to mention will also dictate the kinds of attacks each industry encounters. 

A large organization whose business model focuses entirely on mobile devices and the apps it includes will naturally have a different set of risks than a very, very small business with no internet presence, but who use a point-of-sale vendor to manage their systems for them. The infrastructure, and conversely the attack surface, largely drives the risk. 

Therefore, we caution our readers not to make inferences about the security posture (or lack thereof) of a particular sector47 based on how many breaches or incidents an industry reports. These numbers are heavily influenced by several factors, including data breach reporting laws and partner visibility. Because of this, some of the industries have very low numbers, and as with any small sample, we must advise readers that our confidence in any statistics derived from a small number must also be less. 

If you are reading this only for a glimpse of your industry, our recommendation is to verify what the top patterns are on the summary table accompanying each industry and also spend some time with those pattern sections.

Table 2. Number of security incidents and breaches by victim industry and organization size


Incidents

2023 Data Breach Investigations Report

Breaches

2023 Data Breach Investigations Report

47 Legal made us say that, of course, you should totally ridicule your [fren]emies in other industries.

Let's get started.