2020 Verizon Data Breach Investigations Report: Summary and key findings for security professionals


The Verizon Data Breach Investigations Report, or the Verizon Data Breach Report, is an annual report intended for information security professionals. It summarizes 3,950 confirmed data breaches and is a collection of work from 81 contributors spanning 81 countries and has grown more than a little bit since last year’s twelfth edition. 

Navigating this year’s Verizon Data Breach Report may be a bit confusing, as its format has changed. Fortunately, this article will do the legwork for you! It will offer a summary of the Verizon Data Breach Report as well as key findings that information security professionals can use as a sort of road map to use for how the information security landscape will look in the year to come.

Summary of the Verizon Data Breach Report

The summary of the Verizon Data Breach Report provides a top-level view of what you should take away from it, based upon four general questions. Each question yields more information than you may think and provides a solid starting point for the key findings to come.

What tactics are utilized?

  • 45% of breaches involved hacking
  • 22% of attacks included social attacks
  • 22% involved malware
  • 17% of breaches featured errors which were causal events
  • 8% of breaches were caused my authorized user misuse
  • 4% of breaches involved physical actions

Who’s behind the breaches?

  • 70% of breaches were perpetrated by external actors
  • 55% of breaches were caused by organized criminal groups
  • 30% of breaches were perpetrated by internal actors
  • 4% of breaches had four or more attack actions
  • 1% involved partner actors
  • 1% involved multiple parties

Who are the victims?

  • 81% of breaches were discovered in a matter of days or less
  • 72% of breaches involved large business victims
  • 58% of victims had their personal data compromised
  • 28% of breach victims were (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: