Professional, Scientific and Technical Services (NAICS 54)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.



1,398 incidents, 423 with confirmed data disclosure

Top patterns


System Intrusion, Basic Web Application Attacks and Social Engineering represent 90% of breaches

Threat actors


External (92%), Internal (9%), Multiple (3%), Partner (2%) (breaches)

Actor motives


Financial (96%), Espionage (4%), Convenience (1%) (breaches)

Data compromised


Personal (57%), Credentials (53%), Other (25%), Internal (16%) (breaches)

What is the same?


System Intrusion, Basic Web Application Attacks and Social Engineering continue to be the main threats to organizations in this sector.



Even though the top patterns haven’t changed for this industry, this sector has experienced an increase in Ransomware over the year, with incidents following the same core vectors as the previous year.

This sector could perhaps be considered the lubricant that keeps all industries running smoothly. It consists of many disparate professions, including our lawyer friends [joke redacted by legal], accounting and various other business services. Much like the other sectors they serve, this industry is also affected by the big three patterns of System Intrusion (47%), Basic Web Application Attacks (25%) and Social Engineering (18%). 

With regard to action varieties, while we see DoS and Use of stolen creds among the top actions in Figure 59, we also see a good deal of Ransomware. This year, Ransomware accounted for approximately 23% of the incidents in this sector, which is a notable increase from last year’s 14%.

If you are wondering how these breaches occur, you need look no further than Web applications (55%), Email (25%) and Desktop sharing software (17%). Considering the frequent usage of stolen credentials and email, it might be a good time to remind folks to implement strong authentication practices and to encourage your team members to keep in mind the importance of staying diligent.

2023 Data Breach Investigations Report

Let's get started.