Financial and Insurance
(NAICS 52)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Frequency

 

1,832 incidents, 480 with confirmed data disclosure

Top patterns

 

Basic Web Application Attacks, Miscellaneous Errors and System Intrusion represent 77% of breaches

Threat actors

 

External (66%), Internal (34%), Multiple (1%) (breaches)

Actor motives

 

Financial (97%), Espionage (3%), Convenience (1%), Ideology (1%) (breaches)

Data compromised

 

Personal (74%), Credentials (38%), Other (30%), Bank (21%) (breaches)

What is the same?

 

The top three patterns remain the same, but their order of ascendancy has rearranged. Personal data, very useful for fraud, continues to be the most desired data type stolen.

Summary

 

With Basic Web Application Attacks as the top pattern, we know that the adversaries are successfully gaining access without too much effort. This, combined with the Misdelivery error, indicates there is room for good controls to cover a decent percentage of attacks in this sector.

These attacks are so basic.

“We were compromised by a highly sophisticated cyberattack.” So reads a large percentage of data breach notification letters. But really, just how sophisticated is a brute-forced password? Or better still, credential stuffing where you don’t even have to guess the password—you’ve acquired it from another breach! The Basic Web Application Attacks pattern is the most prevalent in this sector, which means those not-so-complex attacks are succeeding splendidly for the adversaries. Why put forth a ton of effort when just a little will do?

Wait—did I give you that?

Another prominent attack involves Internal actors making mistakes. Misdelivery—where protected data is sent to the wrong recipient—is the most common. Sometimes it is a matter of paper documents going to the wrong people, and other times it is just the electronic version that goes astray. Either way, extra care needs to be given to catching these kinds of Errors before they cause a data breach.

Make them work for it.

Rounding out the top three is the pattern that requires adversaries to actually put forth a bit of effort, System Intrusion. While it dropped from 27% to 14% this year (allowing Miscellaneous Errors to dominate), it remains a serious issue. This illustrates that at least some of the time, adversaries had to trot out their more sophisticated techniques in order to get the job done. Interestingly, Ransomware is decreasing as a favorite tactic in this pattern for this sector. We discuss it more in depth in the introduction of the “Incident Classification Patterns” section in case if you skipped that part. We know, some of you just read the DBIR for the pictures.

Let's get started.