Regional analysis

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

In this section, we once again examine cybercrime from a macro-regional point of view. We do this in the hope that it will be a quick and easy way for readers to learn how cybercrime trends differ and how they remain consistent from one geographical region of the world to the next. As always, our visibility into a given area is determined by many variables, including regional disclosure laws, our own dataset and where our data contributors conduct business. If you feel that your own patch of ground is not featured adequately in the following pages, please contact us about becoming a data contributor and motivate other organizations in your area to do the same. Please keep in mind that even if your region is not represented here, it doesn’t mean we have no visibility into the region but rather that we don’t have a sufficient number of incidents in that area to provide a statistically significant section.

We define the regions of the world in accordance with the United Nations M4997 standards, which combine the super-region and sub-region of a country together. By so doing, the regions we will examine are as follows:

APAC: Asia and the Pacific, including Southern Asia (034), South-eastern Asia (035), Central Asia (143), Eastern Asia (030) and Oceania (009)

EMEA: Europe, Middle East and Africa, including Northern Africa (015), Europe (150) and Eastern Europe (151), and Western Asia (145)

NA: Northern America (021), which primarily consists of breaches in the United States and Canada

Many readers may recognize the At-a-glance tables that we place at the top of each major section. We have combined them to provide a quick look at how each of the regions compares to the others with regard to the frequency of incidents, top patterns and so on.



Top patterns

Threat actors

Actor motives

Data compromised


2,130 incidents, 523 with confirmed data disclosure

System Intrusion, Social Engineering and Basic Web Application Attacks represent 95% of breaches

External (98%), Internal (2%) (breaches)

Financial (75%), Espionage (25%) (breaches)

Credentials (69%), Internal (37%), Secrets (24%), Other (17%) (breaches)


8,302 incidents, 6,005 with confirmed data disclosure

Miscellaneous Errors, System Intrusion and Social Engineering represent 87% of breaches

External (51%), Internal (49%) (breaches)

Financial (94%), Espionage (6%) (breaches)

Personal (64%), Other (36%), Internal (33%), Credentials (20%) (breaches)


16,619 incidents, 1,877 with confirmed data disclosure

System Intrusion, Social Engineering and Basic Web Application Attacks represent 91% of breaches

External (93%), Internal (8%) (breaches)

Financial (97%), Espionage (4%) (breaches)

Personal (50%), Credentials (26%), Internal (19%), Other (16%) (breaches)

Table 3.
At a glance for regions

Data Breach Investigation Report figure 76
Data Breach Investigation Report figure 77
Data Breach Investigation Report figure 78

Around the world in 4 paragraphs

This year we were fortunate enough to have new contributors from EMEA join us. Due to the nature of contributing agencies along with the reporting requirements in that region, we have seen a substantial rise in the Miscellaneous Errors pattern. So much so that it is now the top pattern for the EMEA region. Any time we have a new contributor dataset that is larger in nature or has a propensity to report on specific types of actions (in this case, errors) we observe the resultant skewing of the data that one might expect. Perhaps next year we will be better positioned to determine if this jump in Miscellaneous Errors will continue or level out to be more consistent with the other patterns.

If we set aside the Error-heavy datasets and take a look at the regions through this lens, we can see that the System Intrusion pattern remains among the top for all regions. As always, the two main action types that we see represented in the System Intrusion pattern are hacking via the Use of stolen credentials and malware (most often) in the form of Ransomware. The “sans error” dataset also illustrates that the System Intrusion pattern has neither risen nor fallen significantly from last year but has instead held a relatively straight trajectory.98

Social Engineering, on the other hand, has increased somewhat significantly from 29% to 45% when viewed across the whole dataset (mostly driven by Northern America, where it represents 56% of breaches). Extortion was the greatest driver of this growth in NA as it was present in 46% of its breaches. Our other Social Engineering favorites had a more timid showing in Northern America breaches: 13% for Phishing and 4% for Pretexting.

With regard to actors, the majority of cybercrime continues to be carried out by financially motivated external parties. One notable exception is that of APAC, where instead of more than 90% of attacks being financially motivated, we see that the Espionage motive is greater than it is elsewhere and accounts for 25% of breaches (as opposed to between 4% and 6% in the other regions). As a result, the data variety of Internal accounts for 37%, while Secrets is at 24% for APAC. These data types typically do not appear in the top three spots for the other regions. Meanwhile, Credentials make up a whopping 69% of compromised data in APAC. As we mentioned in the 2023 DBIR, while we frequently have visibility into what data types are stolen, we do not always know the details to explain precisely why. We do know that regulatory requirements differ from one region to the next and, consequently, this may make some types of data harder to get than others. However, it is clear that Credentials and Personal data figure prominently in cybercrime regardless of where you are located.

From the Cyber Security Agency of Singapore

Building a trusted and resilient cyberspace requires collective effort and partnership from both governments and the industry. Neither of us can do this by ourselves; we share the responsibility of securing cyberspace for all users. Forging strong public-private partnerships is necessary for strengthening cybersecurity on multiple fronts. This can include threat intelligence sharing to enhance visibility, conducting joint operations to combat sophisticated cyber threats, or jointly investing in the development of much needed capabilities.

This is why the Cyber Security Agency of Singapore (CSA) is committed towards developing deep partnerships with the industry. CSA has various Memoranda of Understanding with important industry partners that helps us to tackle cybersecurity issues of the day together. These memoranda allow us to take on collaborative efforts, including the detection of global malicious cyber or information campaigns, and joint development of mobile security measures to ensure that Singapore’s users are protected from common instances of malware. For example, CSA partnered with Google to pilot a new enhanced protection feature within Google Play Protect to further safeguard Android mobile users against malware-enabled scams. This enhanced protection feature will analyze and automatically block the installation of apps from Internet sideloaded sources—browsers, messaging apps and file managers—that declare their intent to use sensitive permissions that are frequently used for financial fraud and scams.

These collaborations also extend towards policy areas. This year, CSA updated Singapore’s cybersecurity legislation. This update was done in consultation with industry partners and other stakeholders to understand emerging challenges in cyberspace and seek their views on how to ensure Singapore’s regulatory approach meets our policy intent, but is practical and commensurate to the cybersecurity risks represented by different essential service sectors and types of digital infrastructure or service.

CSA strongly believes that the industry has a crucial part to play in our collective cybersecurity, and can start by securing their products and services by design and default. This is especially important for the most vulnerable groups in society. This is why CSA has developed a “Safe App Standard” to help app developers and providers enhance the security of their mobile apps. We encourage DBIR readers to access these guidelines and more at CSA’s website.99

CSA looks forward to deepening our partnership with industry to further improve the security of our cyberspace.

We now draw your attention to the heatmap that is Figure 79. While it may not be as captivating to look at as the Mona Lisa, it is more useful, for enterprises at least. This map illustrates how different (or similar) attacks are based on geography (sort of like the At-a-glance section, but with much more detail). The heatmap shows incidents and breaches broken down into the following: top patterns, top action types and top asset varieties. This is a very handy tool to help you locate potential problem areas in your region.

Hopefully you will find this (especially when combined with other data found in this report, such as industry and organization size) informative with regard to what your organization might be more prone to in terms of attacks and can therefore assist you in creating your defense strategy.


Call Sales

Have us contact you
Request a call

Call for Public Sector