This year, Verizon’s DBIR is based on data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide.
You can read the Executive Summary here, or read the full report here.
There are some data in it that may raise an eyebrow or two, especially for the Healthcare sector. In their key takeaways, for example, they write:
Healthcare
Frequency:
466 incidents, 304 with confirmed data disclosure
Top 3 patterns:
Miscellaneous Errors, Privilege Misuse and Web Applications represent 81% of incidents within Healthcare
Threat actors:
Internal (59%), External (42%), Partner (4%), and Multiple parties (3%) (breaches)
Now if you have been following along on this site and reading Protenus’s reports, you’ll know that on a monthly and extended basis, external/hacking incidents out-number internal incidents by a lot. And business associate/third-party incidents account for more than 4% of incidents. Are DBIR’s figures on external incidents lower than our figures because of the issue that in most ransomware reports, there is no certainty that data were exposed or accessed? It seems that way, as they write:
Most ransomware incidents are not defined as breaches in this study due to their lack of the required confirmation of data loss. Unfortunately for them, Healthcare organizations are required to disclose ransomware attacks as though they were confirmed breaches due to U.S. regulatory requirements. This compulsory action will influence the number of ransomware incidents associated with the Healthcare sector. Acknowledging the bias, this is the second straight year that ransomware incidents were over 70 percent of all malware outbreaks in this vertical.
Actor motives:
Financial (83%), Fun (6%), Convenience (3%), Grudge (3%), and Espionage (2%) (breaches)
Data compromised:
Medical (72%), Personal (34%), Credentials (25%) (breaches)