Verizon has published its 2023 Data Breach Investigations Report, providing insights into the latest cybercrime trends and data breaches. This annual report analyzes thousands of real-world security incidents to reveal patterns, vulnerabilities, and recommendations to strengthen defenses.
Now in its 16th edition, the highly-anticipated report acts as an industry benchmark for understanding the shifting threat landscape. It equips security teams with actionable intelligence to make strategic decisions and combat emerging attack techniques.
With contributions from over 90 global organizations, this year’s findings are based on an extensive dataset of over 16,000 incidents and 5,000 confirmed breaches. The analysis provides unprecedented visibility into the threat actors, motives, actions, targets, and impacts behind modern cyberattacks.
From ransomware campaigns to business email compromises, the report breakdowns the “who, what, where, when, why, and how” of data breaches affecting all industries. Its insights help enterprises, small businesses, and government agencies assess their risks, evaluate controls and reduce breach impact.
By revealing the latest cybercrime trends, the Data Breach Investigations Report arms defenders with the knowledge needed to enhance policies, educate users and strengthen defenses before the next breach strikes. With practical takeaways for security teams, the report has become an essential reference for organizations seeking to benchmark progress and avoid past mistakes.
The Data Breach Investigations Report analyzes thousands of cybersecurity incidents from the past year. Here are some of the main findings:
- Most data breaches are financially motivated. The top goal is to steal money or valuable data like credit card numbers.
- Hacking and malware cause most data breaches. Criminals break into networks in various ways, like phishing emails or exploiting vulnerabilities. They use malware to steal data without being detected.
- Many breaches involve stealing login credentials. Once criminals get a username and password, they can access sensitive systems and data. Stronger authentication like multi-factor authentication can help stop this.
- Human errors and misuse of data cause a significant number of breaches. Employees may accidentally email data to the wrong person or access data they shouldn’t. Proper training on handling data can reduce these mistakes.
- External actors cause most breaches, but insiders are responsible for nearly 1 in 5 breaches. Disgruntled or careless employees can do a lot of damage because they already have access.
- Ransomware remains a top threat, shutting down systems until the victim pays a ransom. Having backups can limit ransomware impact.
- Web applications are a top target, often hacked using stolen credentials or vulnerabilities. Keeping software patched and making authentication stronger is key.
- Small businesses are now targeted almost as much as large organizations. All companies need security controls like patching, backups, training, and incident response plans.
The report highlights the need for defense-in-depth security to stop attacks at many levels. Understanding these data breach patterns can help organizations strengthen their weakest security areas.
Summary of The Verizon’s Data Breach Investigations Report- 2023
The 2023 Data Breach Investigations Report provides an in-depth analysis of 16,312 cybersecurity incidents, including 5,199 confirmed data breaches, that occurred between November 2021 and October 2022. Published annually by Verizon, this report examines emerging attack trends and provides insights to help organizations improve security.
Results and Analysis
The report categorizes incidents using the VERIS framework across four dimensions: Actors, Actions, Assets, and Attributes. Key findings include:
- 83% of breaches involved external threat actors, primarily financially motivated criminal groups. Internal actors caused 19% of breaches, mainly through errors and misuse of data.
- The top attack patterns were hacking (35% of breaches), malware (24%), and social engineering (17%). Phishing and using stolen credentials were common entry points for attackers.
- Servers were the top affected assets (33% of breaches), followed by user devices (28%), and people (25%). Web applications and email servers stored the most valuable data for attackers.
- Compromised data was predominantly credentials (63% of breaches), personal information (44%), and internal data (41%).
Incident Classification Patterns
The report groups incidents into patterns based on tactics, techniques, and procedures. Key patterns include:
- System Intrusion (1,944 breaches): Complex, multistage attacks like ransomware campaigns that leverage hacking and malware. Ransomware impacted 24% of all breaches.
- Social Engineering (928 breaches): Manipulating human targets via phishing and pretexting to obtain data or perform unauthorized actions. Business Email Compromise attacks nearly doubled.
- Basic Web App Attacks (1,315 breaches): Using stolen credentials or common vulnerabilities to break into web apps and steal data. Poor passwords contributed to many of these breaches.
- Miscellaneous Errors (512 breaches): Mistakes by insiders that expose data, like misconfigurations and sending data to the wrong recipients.
The top affected industries were Finance, Professional Services, Manufacturing, Public Administration, and Healthcare. Each vertical faces different risks based on its digital assets, regulations, and attack surface. For example, ransomware continues to plague Healthcare organizations. Retail remains alluring for payment card data. Errors cause problems in Education, while Public Administration deals with state-sponsored espionage.
Across geographic regions, financially motivated hacking and malware cause most breaches globally. However, Social Engineering tops the list in Asia Pacific due to high volumes of Business Email Compromise attacks targeting the area. Espionage is also more common in certain regions like the Asia Pacific and EMEA.
The report highlights the need for robust security awareness training, cyber hygiene, vulnerability, and access management programs, and effective incident response across all organizations. Understanding these real-world attack trends and patterns is crucial for data-driven risk mitigation and cyber defense.
Here are the key takeaways from the Data Breach Investigations Report:
- Have an incident response plan. Know what to do if you suffer a breach. Respond quickly to limit the damage.
- Train employees on cybersecurity awareness. Test them with simulated phishing emails. Make security a part of company culture.
- Use strong authentication like multi-factor authentication (MFA). Passwords alone are not enough anymore.
- Patch software vulnerabilities quickly. Hackers exploit unpatched flaws to break in. Stay on top of updates.
- Segment and monitor network access. Limit what employees can reach if they are compromised. Watch for unusual activity.
- Back up critical data regularly. Test restoring from backups. It limits ransomware impact and provides recovery options.
- Review employee access and privileges. Give minimal access needed to do the job. Disable unused accounts.
- Work with partners you trust. Know their security practices. Use supplier risk assessments. Weak links put you at risk.
- Simplify security stacks where possible. Too many disjointed tools lead to gaps and complexity. Integrate and automate key controls.
- Focus protection on your critical data and systems. You can’t secure everything equally. Know your business crown jewels.
- Evaluate security controls with pen testing. Verify they work as expected to stop real-world attacks. Expect surprises.
- Compare your security to benchmarks. Identify gaps in people, processes, and technology. Prioritize improvements with the highest impact.