Information (NAICS 51)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Gracias.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Gracias.

You may now close this message and continue to your article.

Frequency

 

2,110 incidents, 384 with confirmed data disclosure

Top patterns

 

System Intrusion, Basic Web Application Attacks and Social Engineering represent 77% of breaches

Threat actors

 

External (81%), Internal (20%), Multiple (2%), Partner (1%) (breaches)

Actor motives

 

Financial (92%), Espionage (8%) (breaches)

Data compromised

 

Personal (51%), Credentials (37%), Other (35%), Internal (19%) (breaches)

What is the same?

 

System Intrusion remains the top pattern in this vertical, and it is still dominated by Financially motivated external actors.

Resumen

 

Miscellaneous Errors continues the downward trend it has exhibited for the last several years and loses its position in the top three to Social Engineering. Denial of Service attacks account for 70% of incidents in NAICS 51.

Make no mistake, information is power.

Over the last few years, errors have played a diminishing role in breaches within the Information vertical. That downward trend continues this year, so much so that it has fallen to number four and accounts for only 13% of breaches. (Figure 53) Good on ya, Information folks! Securing your assets from the bad guys is hard enough without unwittingly exposing assets yourself. 

Social Engineering, on the other hand, has slowly crept up and captured the number three position with 20% of breaches. Unlike some industries where we see a much higher degree of phishing than we do of its more complicated cousin, pretexting. In the Information vertical, however, the two social actions are not far apart, with phishing at 15% and pretexting at 11%. As mentioned elsewhere in this report, Pretexting is definitely on the rise.

Please listen closely, as our options have NOT changed.

As always, External actors (the vast majority of which are organized crime) are behind most attacks in this vertical. In fact, last year, we showed only External and Internal actors. This year we did see an increase (albeit very small) in the categories of Partner and multiple actors at 1% each. Granted, those are not big numbers, but it is of interest to see them reappearing in this industry for the first time in a couple of years. As one would expect, the vast majority of attacks, regardless of who was committing them, were Financially motivated. The motive of Espionage was still present at 8% of breaches but is significantly lower than last year’s 20%. The most likely reason for the change is the move away from web apps and servers and toward spy balloons and remote viewing.

2023 Data Breach Investigations Report

Let's get started.