Introduction

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

From year to year, we see new and innovative attacks as well as variations on tried-and-true attacks that still remain successful. From the exploitation of well-known and far-reaching zero-day vulnerabilities, such as the one that affected MOVEit, to the much more mundane but still incredibly effective Ransomware and Denial of Service (DoS) attacks, criminals continue to do their utmost to prove the old adage crime does not pay wrong.

The shifting landscape of cyber threats can be confusing and overwhelming. When, in addition to the attack types mentioned above, one throws in factors such as the human element and/or poorly protected passwords, things become even more confused. One might be forgiven for viewing the current state of cybersecurity as a colorful cyber Mardi Gras parade. Enterprise floats of all shapes and sizes cruising past a large crowd of threat actors who are shouting out gleefully “Throw me some creds!” Of course, human nature being what it is, all too often, the folks on the floats do just that. And, as with all such parades, what is left in the aftermath isn’t necessarily pretty. The past year has been a busy one for cybercrime. We analyzed 30,458 real-world security incidents, of which 10,626 were confirmed data breaches (a record high!), with victims spanning 94 countries.

While the general structure of the report remains the same, long-time readers may notice a few changes. For example, the “first-time reader” section is now located in Appendix A rather than at the beginning of the report. But we do encourage those who are new to the DBIR to give it a read-through before diving into the report. It should help you get your bearings.

Last, but certainly not least, we extend a most sincere thanks yet again to our contributors (without whom we could not do this) and to our readers (without whom there would be no point in doing it).


Sincerely,

The Verizon DBIR Team
C. David Hylender, Philippe Langlois, Alex Pinto, Suzanne Widup

Very special thanks to:
– Christopher Novak for his continued support and insight
– Dave Kennedy and Erika Gifford from VTRAC
– Kate Kutchko, Marziyeh Khanouki and Yoni Fridman from the Verizon Business Product Data Science Team

Let’s
connect

Call Sales
877-297-7816

Have us contact you
Request a call

Call for Public Sector
844-825-8389