Verizon 2021 Data Breach Investigation Report

  • Published: Tuesday, May 18, 2021

Verizon's annual Data Breach Investigation Report (DBIR) is out! And, no surprise, the last year saw sharp spikes in pandemic themed phishing, collaboration platform abuse and attacks on remote workers.

Now in its 14th year, the Verizon DBIR is trusted and respected in cybersecurity for its annual reporting and analysis of incidents and breaches. You can download and read the full report, but I'll attempt to highlight some key findings. This report is focused on over 79,000 incidents from 88 countries. Over 29,000 incidents met the report's quality standards and 5,258 were confirmed breaches. An incident is defined as a security event that compromises the integrity, confidentiality or availability of an information asset. A breach is an incident that results in the confirmed disclosure--not just potential exposure--of data to an unauthorized party. (Page 4)

A summary of the findings shows that while denial of service attacks topped the incidents experienced, social engineering tactics resulted in the most data breaches. Coming in number two in both areas were basic web application attacks.

  • 85 percent of breaches involved a human element (top two: phishing & stolen credentials).
  • 61 percent of breaches involved credentials.
  • 13 percent of non-DoS incidents involved ransomware.
  • Three percent of breaches involved vulnerability exploitation.

The costs of these incidents resulted in deficits between $69 to well over $1.5 million.

Phishing remains one of the top activities. This attack is present in 36 percent of the breaches (up from 25 percent last year).

More interesting report discoveries:

  • Insider privilege misuse and system intrusion breaches take the longest time to discover.
  • Stolen assets and errors are the fastest to discover.
  • Fastest data to be compromised are credentials.
  • Educational services experienced 1,332 incidents, 344 with confirmed data disclosure.

Want to skip the full report? Here are some key pages to check out:
Page 6: Introduction
Page 7: Summary of findings
Pages 35-40: Denial of service - 14,335 incidents, 4 confirmed data disclosure
Pages 41-42: Lost and stolen assets - 1,295 incidents, 84 confirmed data disclosure
Pages 43-45: Miscellaneous errors - 919 incidents, 896 confirmed data disclosure
Pages 46-48: Privilege misuse - 265 incidents, 222 confirmed data disclosure
Pages 49-52: Social engineering - 3,841 incidents, 1767 confirmed dasta disclosure
Pages 54-57: System intrusion - 3,710 incidents, 966 confirmed data disclosure
Pages 58-61: Basic web application attacks - 4,862 incidents, 1,384 confirmed data disclosure
Pages 62-63: Everything else - 129 incidents, 38 confirmed data disclosure
Pages 65-68: Highlight the incidents and breaches by industry
Pages 110-111: Appendix B: Controls v8