Industries: Introduction​​ 

Please provide the information below to view the online Verizon Data Breach Investigations Report.​​ 

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.​​ 

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.​​ 

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.​​ 

Indicates a required field. The content access link will be emailed to you.​​ 

View only​​ 

Thank You.​​ 

Gracias.​​ 

You will soon receive an email with a link to confirm your access, or follow the link below.​​ 

Download this document​​ 

Gracias.​​ 

You may now close this message and continue to your article.​​ 

Greetings! If you are just stepping onto the DBIR scene, please consider this your orientation. For our more seasoned veterans, feel free to simply breeze past—this terrain should be familiar ground.​​ 

As mentioned previously, in this report we examined 30,458 incidents, of which 10,626 were confirmed data breaches. We will view both of these categories in a more granular fashion, along with how they played out in the various industries and regions, in the following sections of the report. As we have mentioned in previous editions, what keeps one industry tossing and turning at night may not even register as a blip on another’s radar. It boils down to attack surfaces—the prime real estate for cyber malfeasance. When you factor in the nuances of specific types of threat actors, the technological infrastructures underpinning each sector, the type of data an organization handles and retains, and how folks access and use that data, you’ve mixed a potent cocktail of security complexities.​​ 

For example, consider a tech behemoth swimming in the digital sea of mobile devices and their respective apps. Its risk profile looks markedly different from that of a boutique establishment relying on a point-of-sale system or a simple e-commerce platform supported by its vendor. Furthermore, these findings are also influenced by reporting requirements, which means that industries may experience varying levels of scrutiny from that perspective. Finally, smaller sample sizes for given industries are also an important factor that comes into play with regard to statistical analysis (smaller sample sizes result in lessened statistical confidence). Therefore, we ask readers to refrain from rushing to conclusions about an industry’s security posture based solely on incident reports.​​ 

If you are here for insights tailored to your industry, we recommend that you spend time looking at the top patterns for your industry and reading up on the relevant pattern sections of the report. Just to let you know, the DBIR aligns with the North American Industry Classification System (NAICS) to determine which industry an organization belongs to. More detail on this can be found in Appendix A.​​ 

Table 2. Number of security incidents and breaches by victim industry and organization size

Table 2.​​  Number of security incidents and breaches by victim industry and organization size​​ 

Incidents by industry​​ 

Data Breach Investigation Report figure 56

Breaches by industry​​ 

Data Breach Investigation Report figure 57

Let’s
connect​​ 

Call Sales
877-297-7816​​ 

Have us contact you
Request a call​​ 

Call for Public Sector
844-825-8389​​