Professional, Scientific and Technical Services (NAICS 54)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

First Name: Last Name: E-mail: Organization: Organization type Country:

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

I confirm I have read and understood

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Frequency		2,599 incidents, 1,314 with confirmed data disclosure
Top patterns		Social Engineering, System Intrusion and Miscellaneous Errors represent 85% of breaches
Threat actors		External (75%), Internal (25%) (breaches)
Actor motives		Financial (95%), Espionage (6%) (breaches)
Data compromised		Personal (40%), Credentials (38%), Other (33%), Internal (23%) (breaches)
What is the same?		Personal data and Credentials are still the top types of data impacted in this industry.

Summary

Social Engineering is one of the top threats facing this industry, accounting for 40% of breaches, and 20% of breaches are the result of Pretexting. In addition, there has been an increase in errors, specifically Misdelivery.

Casting wide nets

While the use of NAICS codes is helpful, we realize that they are not always the ideal way of creating peer groups. That is particularly the case with this industry, as the wide net it casts includes diverse organizations such as interior designers and nanotech companies. This industry does illustrate the types of breaches that affect most industries, whether they were intentional or accidental. Let’s take a look at the breakdown. Like many industries, we see Social Engineering and System Intrusion in the top patterns, although there’s also the inclusion of Miscellaneous Errors as seen in Figure 69.

When it comes to intentional breaches, the vast majority of those cases fall into two buckets: Ransomware and the BEC, at 24% and 20% respectively. This isn’t the first time that we’ve seen Ransomware in the top three, but it is one of the first times that we’ve seen such headway with Pretexting attacks. These have increased significantly from last year and now account for 40% of breaches. Lastly, organizations need to continue to protect the keys to the kingdom, with Credentials showing up in 34% of the breaches.

Although these credentials provide an important beachhead for criminals, we simply can’t forget the unintentional (or rarely intentional) insider. Even though 25% of breaches involved someone coming in from within the organization, the majority of them are Misdeliveries (12%), while only a handful involve individuals abusing their position (5%). This helps us remember that there are many more folks who are maladroit than malicious.