Introduction

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

“Success is stumbling from failure to failure with no loss of enthusiasm.” —attributed to Sir Winston Churchill
 

Hello and welcome old friends and new readers to the 2023 Verizon Data Breach Investigations Report! We are happy to have you join us once again as we take a look at the sordid underbelly of cybercrime and see what lessons we may collectively learn from doing so. It often seems that with every new defense strategy, appliance or Please-Save-Us-As-A-Service we create, buy or borrow, our adversaries are just as quick to adapt and find a new vantage point from which to attack. While this state of affairs is already unfortunate enough, it becomes worse still when we do not even require them to evolve their tactics because the old ones still work just fine.

Regardless of where we fall on the crazy-secure to not-so-secure spectrum, the quote above is a good road map to cybersecurity (and life in general). This report aims to take a look at the times when things did not work as intended—not to point fingers but to help us all learn and improve. In a time where almost everyone, corporations and individuals alike, is looking at ways to do more with less, we believe a close analysis of when our defenses failed can be very beneficial. While times of great change are always challenging, they often also prompt us to take stock of our situation and, if necessary, refocus both our viewpoint and our energies. Such is the case with the DBIR this year. As a team, we decided to take a step back toward the fundamental things that got us where we are, an intense focus on actual data breaches analyzed using our own VERIS Framework. And speaking of VERIS, one of the new goodies this refocusing brings is an even better mapping between VERIS and MITRE ATT&CK through a collaboration with MITRE Engenuity and the Center for Threat Informed Defense (CTID).2 It also helps that our parent organization, the Verizon Threat Research Advisory Center (VTRAC),3 shared the most breaches ever for us to analyze. Did you know it is VTRAC’s 20th anniversary this year? Save us a slice of that cake, boss!

As long-time readers will know, over the past few years, we have increasingly utilized non-incident data to add depth and dimension to our breach findings via various forms of research and analysis. While that remains a big part of what we do, as mentioned above, we did take purposeful steps toward a more direct focus on the breach side of the house this year. In short, the result of this was to make the report more concise and succinct and less unwieldy. This year we analyzed 16,312 security incidents, of which 5,199 were confirmed data breaches. As always, we hope you find this information informative, useful, easy to understand and actionable.

Finally, we thank our global data contributors most sincerely, as this report would quite literally not be possible without them. Of course, the same can be said of our readers, so please accept our deep gratitude for your continued support.

Sincerely,

The Verizon DBIR Team
C. David Hylender, Philippe Langlois, Alex Pinto, Suzanne Widup

Very special thanks to:
– Dave Kennedy and Erika Gifford from VTRAC.
– Kate Kutchko, Marziyeh Khanouki and Yoni Fridman from the Verizon Business Product Data Science Team.
– Gabriel Bassett for all the statistical tooling, charts and terrible jokes over the years. Good luck on your next adventure!

Let's get started.