Picking out the statistical highlights from this year's Data Breach Investigations Report.
The 18th edition of the Verizon Data Breach Investigations Report (DBIR) was released this week, offering a global perspective on major attack trends.
With well over 100 pages of statistics, analysis and cybersecurity highlights, there is a lot to take in, but it serves as a great resource of statistics on business risk and attack trends, and for knowing just where businesses seem to be doing things wrong. Here are our top ten takeaways from this year’s report.
1 - Exploitation of vulnerabilities increased by 34 percent compared with last year’s report, supported in part by zero-day exploits targeting edge devices and virtual private networks.
2 - Organisations worked very hard to patch edge device vulnerabilities, but analysis showed only about 54 percent of those were fully remediated throughout the year, and it took a median of 32 days to accomplish.
3 - Ransomware is present in 44 percent of all the reviewed breaches, up from 32 percent last year.
4 - Ransomware is also present in 31 percent of incidents, an increase from a less-impressive 14 percent last year.
5 - The median amount paid to ransomware groups has decreased to $115,000 (from $150,000 last year) with 64 percent of the victim organisations not paying the ransom.
6 - 15 percent of employees were routinely accessing GenAI systems on their corporate devices, at least once every 15 days.
7 - There was third-party involvement of some sort in 30 percent of all breaches analysed, up from roughly 15 percent last year.
8 - The use of stolen credentials occurred in 22 percent of instances, down from 31 percent in the previous report.
9 - The percentages of breaches where a third party was involved doubled, going from 15 percent to 30 percent.
10 - The percentage of AI-assisted malicious emails doubled from around five percent to ten percent over the past two years.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.