Information (NAICS 51)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

First Name: Last Name: E-mail: Organization: Organization type Country:

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

I confirm I have read and understood

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Gracias.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Gracias.

You may now close this message and continue to your article.

2024

Frequency		1,367 incidents, 602 with confirmed data disclosure
Top patterns		System Intrusion, Basic Web Application Attacks and Social Engineering represent 79% of breaches
Threat actors		External (79%), Internal (21%), Multiple (1%) (breaches)
Actor motives		Financial (87%), Espionage (14%) (breaches)
Data compromised		Other (46%), Personal (45%), Credentials (27%), Internal (22%) (breaches)
What is the same?		The top three attack patterns remain constant since last year, and their ranked order has also not changed. The team found this somewhat interesting considering how many more breaches we had in this sector as compared to last year.

Resumen

The overall breach sample size increased compared to last year, but this sector experienced substantially fewer incidents. Ransomware and Use of stolen credentials continue to dominate the System Intrusion pattern, while there was a slight decrease in Phishing attacks alongside a rise in Pretexting within the Social Engineering pattern. There was a mild increase in Espionage motives and state-sponsored actors targeting the industry, emphasizing the need for enhanced detective controls.

As we have mentioned elsewhere in this report, our overall breach sample size was greater than last year. However, the Information sector showed 741 fewer incidents this year. It did boast a much higher number of breaches. The top patterns for this vertical remain the same, and so does their order (Figure 65).

Ransomware and the Use of stolen creds (a combination that makes up much of the System Intrusion pattern) remain in the top action varieties as one might expect. With regard to breaches in the Social Engineering pattern, we saw a slight dip in Phishing attacks along with a corresponding rise in Pretexting. This could be one indicator that the threat actors are being forced to deploy more sophisticated techniques against their targets.

This year, EMEA dominates the dataset in this sector in particular, with 243 confirmed Information industry breaches as opposed to just 97 in Northern America. These incidents have been contributed by some of our new law enforcement and regulatory bodies in the region. This is what robust data protection regulation looks like.

Finally, we did see a mild increase in the Espionage motive (14% this year as opposed to 8% in the 2023 report). We also saw a combined increase of the Nation-state/State-affiliated actors from 12% last year to 15% in this sector currently. While this is not a statistically significant finding, it is never good news to find that your industry is increasingly being targeted by more sophisticated threat actors (even if only slightly). Nevertheless, it serves as a reminder to ensure that you have detective controls in place to give you an early warning if you become a target.