The 17th annual Data Breach Investigations Report (DBIR) analyzed a record 30,458 security incidents and 10,626 confirmed breaches in 2023, roughly twice the number analyzed for 2022.
Key findings from this year’s report from Verizon Business include:
- Vulnerability exploitation as a way into organizations nearly tripled last year (a 180% increase)
- 32% of all breaches involved some type of extortion technique, including ransomware
- More than two-thirds (68%) of breaches involve a non-malicious human element
- 30,458 security incidents and 10,626 confirmed breaches were analyzed in 2023—a two-fold increase over 2022
- Over the past two years, roughly a quarter (between 24% and 25%) of financially motivated incidents involved pretexting
- Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all breaches
- Nearly half of the breaches (49%) in EMEA are initiated internally, suggesting a high incidence of privilege misuse and other human errors
- Across EMEA, the top patterns behind incidents are miscellaneous errors, system intrusion, and social engineering, which together account for 87% of breaches. The most common types of data compromised are personal (64%), internal (33%), and credentials (20%)
- Espionage attacks continue to dominate in the APAC region
Exploitation Of Vulnerabilities As Initial Point Of Entry Nearly Tripled
The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches. The spike was driven primarily by ransomware actors exploiting vulnerabilities in unpatched systems and devices, including zero-day vulnerabilities, that is, flaws exploited before a patch was available. The MOVEit software breach was one of the largest drivers of these attacks, hitting the education sector first and later spreading to the finance and insurance industries.
“This report shows ransomware actors exploiting zero-day vulnerabilities is still a major threat to businesses,” commented Tim Royston-Webb, CEO, SentryBay. “Although the utilization of artificial intelligence to breach valuable corporate assets is a concern, the failure to address fundamental vulnerabilities allows threat actors to persist without evolving their tactics.”
Organizations Take 55 days To Remediate 50% Of Critical Vulnerabilities
Analysis of the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog shows that, on average, organizations take 55 days to remediate 50% of critical vulnerabilities once patches are available. By contrast, the median time before mass exploitation of a CISA KEV vulnerability is detected on the internet is five days, so the typical patching window is far longer than the window attackers need.
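The two numbers above (time to remediate half of the listed vulnerabilities, and the five-day mass-exploitation window) are straightforward to compute for your own estate from the CISA KEV feed and an internal patch log. The following is an added example written for this page, not code from Verizon or CISA. It uses the KEV catalog's published JSON field names (`cveID`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`); the catalog entries and the patch log embedded here are constructed placeholders, not copied from the live feed or any real organization.

```python
import json
from datetime import date
from math import ceil

# Constructed sample in the layout of the CISA KEV JSON feed. The CVE IDs,
# products and dates are placeholders (assumption), not taken from the live feed.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 6,
    "vulnerabilities": [
        {"cveID": "CVE-2023-1001", "product": "File Transfer Appliance",
         "dateAdded": "2023-06-02", "dueDate": "2023-06-23",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2023-1002", "product": "VPN Gateway",
         "dateAdded": "2023-06-05", "dueDate": "2023-06-26",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2023-1003", "product": "Web Server",
         "dateAdded": "2023-06-10", "dueDate": "2023-07-01",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-1004", "product": "Mail Server",
         "dateAdded": "2023-06-12", "dueDate": "2023-07-03",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-1005", "product": "Firewall",
         "dateAdded": "2023-06-20", "dueDate": "2023-07-11",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2023-1006", "product": "Database",
         "dateAdded": "2023-06-25", "dueDate": "2023-07-16",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed internal patch log (assumption): CVE -> date the fix was fully
# deployed across the estate, or None if the vulnerability is still open.
PATCH_LOG = {
    "CVE-2023-1001": date(2023, 6, 5),   # fixed 3 days after KEV listing
    "CVE-2023-1002": date(2023, 6, 30),  # 25 days
    "CVE-2023-1003": date(2023, 8, 10),  # 61 days
    "CVE-2023-1004": None,               # still open
    "CVE-2023-1005": date(2023, 7, 3),   # 13 days
    "CVE-2023-1006": None,               # still open, ransomware-used
}


def parse_kev(text):
    """Index KEV entries by CVE ID, converting the ISO date strings to dates."""
    feed = json.loads(text)
    out = {}
    for v in feed["vulnerabilities"]:
        out[v["cveID"]] = {
            "added": date.fromisoformat(v["dateAdded"]),
            "due": date.fromisoformat(v["dueDate"]),
            "ransomware": v.get("knownRansomwareCampaignUse") == "Known",
            "product": v.get("product", ""),
        }
    return out


def days_to_remediate(kev, patch_log):
    """Days from KEV listing to deployed fix for each CVE; None while still open."""
    result = {}
    for cve, entry in kev.items():
        fixed = patch_log.get(cve)
        result[cve] = None if fixed is None else (fixed - entry["added"]).days
    return result


def days_to_half_remediated(days_by_cve):
    """Days until half of the listed CVEs were fixed (the DBIR's 50% metric).
    Returns None when fewer than half are fixed, i.e. the mark was never reached."""
    needed = ceil(len(days_by_cve) / 2)
    fixed = sorted(d for d in days_by_cve.values() if d is not None)
    if len(fixed) < needed:
        return None
    return fixed[needed - 1]


def still_exposed(kev, patch_log, today, window_days=5):
    """Open CVEs older than window_days (the DBIR's median time to mass
    exploitation), ransomware-used ones first, then oldest first.
    Each row is (cve, age_in_days, ransomware_used, past_cisa_due_date)."""
    rows = []
    for cve, entry in kev.items():
        if patch_log.get(cve) is not None:
            continue
        age = (today - entry["added"]).days
        if age > window_days:
            rows.append((cve, age, entry["ransomware"], today > entry["due"]))
    rows.sort(key=lambda r: (not r[2], -r[1]))
    return rows


if __name__ == "__main__":
    kev = parse_kev(KEV_SAMPLE)
    ttr = days_to_remediate(kev, PATCH_LOG)
    print("days to remediate 50%:", days_to_half_remediated(ttr))
    for row in still_exposed(kev, PATCH_LOG, date(2023, 7, 15)):
        print("exposed beyond 5-day window:", row)
```

On the constructed data the 50% mark is reached after 25 days, and two CVEs remain open past the five-day window; the ransomware-used one is listed first even though it is the younger of the two, since that is the one the report's findings say to close first. Swap `KEV_SAMPLE` for the downloaded catalog and `PATCH_LOG` for your vulnerability-management export to get the same two numbers for your own environment.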
15% Of Breaches Involved A Third Party
Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues. This metric, new for the 2024 DBIR, is 68% higher than the comparable figure for the period covered by the 2023 DBIR.
Cybercriminals Continue To Exploit Human Element
Most breaches (68%), with or without a third party involved, include a non-malicious human element: a person making an error or falling prey to a social engineering attack. That share is about the same as last year. One potential countervailing force is improved reporting: in phishing simulation engagements, 20% of users identified and reported the phish, and 11% of the users who clicked the email also reported it.
“The continued presence of human error in security breaches highlights the need for enhanced cybersecurity training,” said Brent Agar, VP Strategic Partnerships, SentryBay. “The range and scope of the incidents analyzed in this report confirm the ways breaches are taking place, and they continue to result in significant financial losses for businesses.”