Public Administration (NAICS 92)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.



12,217 incidents, 1,085 with confirmed data disclosure

Top patterns


Miscellaneous Errors, System Intrusion and Social Engineering represent 78% of breaches

Threat actors


Internal (59%), External (41%) (breaches)

Actor motives


Financial (71%), Espionage (29%) (breaches)

Data compromised


Personal (72%), Internal (37%), Other (31%), Credentials (17%) (breaches)

What is the same?


System Intrusion and Social Engineering remain top attack patterns in this sector.


Miscellaneous Errors, particularly Misdelivery, have surged to the top spot in this industry, reflecting the commonality of mistakes leading to breaches. System Intrusion now ranks second, followed by Social Engineering. The predominance of internal actors underscores the potential consequences of employee carelessness, with Errors accounting for the majority of breaches.

Owning up to your mistakes in public

Due to some of our new data contributors reporting on mandatory breach disclosures, there was an ascendency of the Miscellaneous Errors attack pattern to the top spot in this industry (Figure 70).96 The most common error in Public Administration was Misdelivery, where information (in whatever form) is delivered to the wrong recipient. While this happens frequently via email, it is also quite common with printed documents and, strangely, faxes. The Lost and Stolen Assets pattern (in second place last year) is no longer among the top three in spite of a rather impressive showing by Loss.

Actions speak louder than campaign promises.

Just as we see in the other verticals, System Intrusion and Social Engineering incidents remain commonplace and account for the next two patterns in this industry, respectively. While hacking only appeared in 31% of Public Sector breaches, it is clear that threat actors are still voting for the Use of stolen creds, which were involved in 83% of hacking-related breaches, mostly against web applications.

Data Breach Investigation Report figure 70

Malware figured in 27% of Public Sector breaches this year. Not unlike many other verticals, Ransomware was top of the heap with regard to malware varieties and accounted for 61% of malware-related breaches. Backdoors appeared in 38% of breaches involving malware, after which we saw a tight pack of several varieties jockeying for the third-place spot as illustrated in Figure 71.

The Social Engineering attacks we saw in Public Administration were mostly garden-variety Phishing (66% of breaches) and Pretexting (23%) attacks. No less concerning, but not really noteworthy in relation to the other findings.

Data Breach Investigation Report figure 71

Actors behaving badly

The fact that Internal actors are the top threat this year underlines the fact that even the most well-meaning employees can trigger a data breach simply by being careless. For all actors, Error actions accounted for 51% of the cases, while malicious internal actors only accounted for 8%. Figure 72 is an illustration of how the road to breaches is paved with good intentions.

If we set aside the error-related breaches and the End-users who cause them, the most common external actors in this vertical were Organized crime (largely Ransomware attacks) at 67% and State-affiliated actors (29%) (Figure 73).  And while we saw very little change in Espionage threat actors, we did see a slight uptick in financially motivated attacks.

Data Breach Investigation Report figure 72
Data Breach Investigation Report figure 73

96 We discuss in the “Results and analysis – Actors” section how mandatory breach reporting helps everyone understand the truer prevalence of breach causes.


Call Sales

Have us contact you
Request a call

Call for Public Sector