2023 Data Breach Investigations Report (DBIR)

The Data Breach Investigations Report (DBIR) is a highly anticipated publication in the cybersecurity industry because it provides insights based on a comprehensive analysis of numerous real-world incidents.

    • For the 2023 edition, Verizon examined over 16,000 security incidents and approximately 5,200 breaches. 
    • Drawing from data provided by the FBI, it was found that the median cost of ransomware incidents has more than doubled in the past two years, reaching $26,000. Only 7% of cases reported losses, with victims experiencing financial damages ranging from $1 million to $2.25 million. Verizon also observed a similar trend in India, where various industries have witnessed an increase in such attacks, often influenced by the human factor. 
    • The human element continues to play a significant role, accounting for the majority of incidents and contributing to 74% of total breaches. Despite efforts by enterprises to fortify critical infrastructure and enhance cybersecurity training, social engineering remains prevalent. 
    • Anshuman Sharma, Associate Director CSIRT & Investigative Response, APJ, Verizon Business, stated that social engineering attacks have risen sharply due to increased connectivity and advancements in artificial intelligence. Pretexting and Business Email Compromise (BEC) attacks, which make up 50% of all incidents, exploit human vulnerabilities by cloning and presenting information in a trustworthy manner, even if it is inaccurate.
    • Similar to ransomware, social engineering proves lucrative for cybercriminals, particularly with the emergence of techniques that impersonate enterprise employees for financial gain, known as Business Email Compromise (BEC). According to data from the Internet Crime Complaint Centre (IC3), the median amount stolen in BECs has risen to $50,000 USD, potentially contributing to a significant increase in pretexting incidents in the past year. 

Key findings from the 2023 DBIR include: 

    • Espionage-motivated threat actors accounted for only 3% of incidents, despite receiving considerable media attention due to geopolitical factors. The remaining 97% were driven by financial gain.
    • 32% of the year's Log4j vulnerability scanning occurred within 30 days of its release, indicating how rapidly threat actors escalate from proof of concept to mass exploitation.
    • External threat actors employed various techniques to breach organizations, such as utilizing stolen credentials (49%), phishing (12%), and exploiting vulnerabilities (5%).
    • 24% of all breaches involved ransomware (steady compared to the previous year).
    • 32% of all Log4j vulnerability exploitation occurred in the first 30 days after release (threats are accelerating).
    • 19% of breaches involved internal actors, who caused both intentional and unintentional harm.
    • 74% of all breaches include the human element through error, privilege misuse, use of stolen credentials or social engineering.
    • 49% of breaches by external actors involved use of stolen credentials.
    • 5% of breaches are financially motivated, with roughly 5% being espionage.
    • Web applications are the top type of asset targeted at roughly 60%, followed by mail servers at 30%.
