Key Takeaways – Verizon 2023 Data Breach Investigations Report

What are some of the key takeaways from the Verizon 2023 Data Breach Investigations Report?

Verizon published its annual Data Breach Investigations Report (DBIR) this past week. It’s one of the most popular reports in the cybersecurity community as it provides a detailed analysis of real-world incidents.

This year’s edition profiled more than 16,000 security incidents and 2,500 breaches, providing insight into some of the leading causes, financial impacts and trends.

The complete online report is available here, with our key takeaways below.

Business Email Compromise (BEC) is Growing

BEC attacks continue to increase and now represent more than 50% of social engineering attacks. This is nearly double the amount in last year’s DBIR and is no surprise, as BEC attacks offer significantly larger payouts with less effort than ransomware attacks.

Social Engineering on the Rise

Social engineering incidents have increased since last year and 50% of these are pretexting incidents, which are commonly used in BEC attacks. In addition to an increase in incidents, the median amount stolen from these attacks has increased to $50,000.

Ransomware Stays the Same

While ransomware remains a popular tactic among threat actors, the actual share of breaches involving ransomware stayed steady from last year at 24%, although the median cost of a ransomware attack increased to $26,000. This doesn’t necessarily mean that ransomware attacks are on the decline, but rather that threat actors are evolving attack methods to combat new security technology.

Money is the Motive

While this is no surprise to anybody, 95% of breaches are financially driven. One interesting note this year is the significant rise in breaches involving cryptocurrency. The DBIR recorded a fourfold increase in breaches involving cryptocurrency. It will be interesting to see where this number lands next year.

Threat Actors

External threat actors were responsible for 83% of breaches, which is in line with past DBIR reports and commonplace knowledge in any cybersecurity discussion. Internal actors came in second at 19% and partners (third parties) at 8%. It is important to note that internal actors include insider threats who act intentionally, as well as internal actors who simply make a mistake.

The People Problem

Speaking of internal actors, the human element is still a big problem as 74% of all breaches are attributed to human error, privilege misuse, stolen credentials or social engineering. This is why security education and awareness training are still crucial to securing your organization.

For more information, you can access the complete DBIR at https://www.verizon.com/business/resources/reports/dbir/.

About Schneider Downs Cybersecurity

The Schneider Downs Cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
