Summary: The Use of stolen credentials, Phishing and Ransomware continue to play big roles in this industry. Compromised Medical information was seen at an unexpectedly high level as well.
Frequency: 7,065 incidents, 109 with confirmed data disclosure
Top Patterns: System Intrusion, Basic Web Application Attacks, and Miscellaneous Errors represent 83% of breaches
Threat Actors: External (70%), Internal (31%), Multiple (1%) (breaches)
Actor Motives: Financial (100%) (breaches)
Data compromised: Personal (83%), Credentials (32%), Medical (26%), Other (18%) (breaches)
Top IG1 Protective Controls: Security Awareness and Skills Training (14), Secure Configuration of Enterprise Assets and Software (4), Access Control Management (6)
Arts, Entertainment and Recreation
NAICS 71
While the way in which we consumed entertainment changed this year, hopefully temporarily, attackers continued to follow the same winning combination that they’ve been using for the last few years in this industry. Namely, targeting web applications and utilizing malware to its fullest extent. And of course, there was the occasional human blunder that serves to keep life interesting.
System Intrusion, Web Applications and Errors are more or less tied for the top ranking. Their combined weight accounts for 83% of the breaches in this sector. This is in line with the trend set in previous years, and what we saw in last year’s report (Figure 99). With that in mind, it is perhaps only to be expected that action types such as the Use of stolen credentials, Ransomware, Phishing and Misconfiguration were responsible for most breaches (Figure 100).
What was a bit surprising was the high level of Medical information breached in this sector. One would typically associate medical record loss with the Healthcare industry. However, upon digging into the data a bit more, the Personal Health Information (PHI) was related to athletic programs, which fall under this vertical. It is possible the medical nature of the data was unclear, and so the worst case (medical rather than just personal data) was reported. Still, this reveals an important lesson: Don’t assume that because your organization is not in the medical field, you don’t possess medical data (or that you don’t have a duty to ensure that it is protected appropriately).
From an incident point of view, DDoS attacks were once again quite high this year. This is potentially due to the gambling websites that also reside in this sector. Therefore, if you are operating an online gambling platform, the safe bet is to plan for DDoS, because the house always needs to win.