Summary of Findings

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Gracias.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Gracias.

You may now close this message and continue to your article.

2023 Data Breach Investigations Report

Social Engineering attacks are often very effective and extremely lucrative for cybercriminals. Perhaps this is why Business Email Compromise (BEC) attacks (which are in essence pretexting attacks) have almost doubled across our entire incident dataset, as can be seen in Figure 5, and now represent more than 50% of incidents within the Social Engineering pattern.

2023 Data Breach Investigations Report
2023 Data Breach Investigations Report


74% of all breaches include the human element, with people being involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.

83% of breaches involved External actors, and the primary motivation for attacks continues to be overwhelmingly financially driven, at 95% of breaches.

The three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilities.

2023 Data Breach Investigations Report

Ransomware continues its reign as one of the top Action types present in breaches, and while it did not actually grow, it did hold statistically steady at 24%. Ransomware is ubiquitous among organizations of all sizes and in all industries.

2023 Data Breach Investigations Report

More than 32% of all Log4j scanning activity over the course of the year happened within 30 days of its release (with the biggest spike of activity occurring within 17 days as Figure 9 shows).

 

2023 Data Breach Investigations Report

Log4j was so top-of-mind in our data contributors’ incident response that 90% of incidents with Exploit vuln as an action had “Log4j,” or “CVE-2021-44228” in the comments section. However, only 20.6% of the incidents had comments.

Let's get started.