For the past eight years (including the last three on this blog), I’ve covered the Verizon Data Breach Investigations Report (DBIR) every year, which analyzes the reported cybersecurity and data breach incidents for the year. The 2022 Verizon DBIR Report was released yesterday – let’s check it out!
The 2022 Verizon DBIR report (available here) is the fifteenth year of the report and the report pays homage to the previous editions by including the cover page of each of them. It also includes some stats from the very first edition back in 2008 in comparison to the same (or similar) stats in the 2022 edition.
As the authors note in the introduction “Were we to indulge our imaginations with anthropomorphic comparisons, we might find this report having its braces removed, finally being able to get a driver’s permit, overusing sarcasm, perhaps becoming a bit goth and generally being unappreciative. But we won’t bother with all that. We will simply say THANK YOU!” Back at ya!
This year the DBIR team analyzed 23,896 security incidents, of which, 5,212 were confirmed data breaches. Lifetime, they have collected and analyzed in total over 914,547 incidents, 234,638 breaches and 8.9 TBs of cybersecurity data! Wow!
The 108–page 2022 Verizon DBIR report is one again very comprehensive, with DBIR Master’s Guide (to tell you how to read the report) a “chock-full” of charts Results and Analysis section, a section on Incident Classification Patterns, and breakouts of trends for various Industries and Regions. It also includes a Wrap-Up Year in Review of notable cyber incidents (which is always interesting) and several appendices, including a list of 87(!) contributing organizations.
If you feel like reading less, there is always the 20-page(!) Executive Summary! 😉
Regardless, here are six notable takeaways from the 2022 Verizon DBIR Report:
- There are four key paths leading to your estate: Credentials, Phishing, Exploiting vulnerabilities and botnets.
- 82% of breaches involved the Human Element, including Social Attacks, Errors and Misuse.
- There was a 13% increase in Ransomware breaches—more than in the last 5 years combined.
- 62% of incidents in the System Intrusion pattern involved threat actors compromising partners.
- 93% of all breaches were financially motivated, and 6% were clearly for espionage purposes.
- Error continues to be a dominant trend and is responsible for 14% of breaches. This finding is heavily influenced by misconfigured cloud storage.
As always, the 2022 Verizon DBIR report is chock full of graphics and statistics which makes it easier to read than the size of the report indicates (once you master the Master’s Guide, that is). You can download a copy of the report (and the Executive Summary if you want to only hit the highlights) here. But I recommend that you check them both out! After all, we’re seeing so many notable cyber incidents these days (like this one I reported last week), that it pays to be informed!
So, what do you think? Have you ever experienced any data breaches, either personally or professionally? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.