Verizon Business releases annual data breach investigation report

Each year Verizon Business publishes aggregate data breach information from forensics investigations the company has performed. This report yielded a number of interesting data points including:

  • The majority of data breaches were caused by external sources. 74% emanated from external sources, 32% were linked to business partners, and only 20% percent were caused by insiders. This statistic flips on it’s head a long held belief that most attacks were performed by knowledgeable insiders.
  • 52% of successful attacks required either no or low technical skills, suggesting that over half of the successful attacks were overly simplistic in nature as a result of poor information security practices.
  • The ability to detect a data breach within an organization continues to be problematic as 69% of data breaches were discovered by a third party rather than the victim organization.
  • 81% of victims involving card breaches were not Payment Card Industry (PCI-DSS) compliant at the time of breach.
  • 99.9% of all breached records were compromised from servers and applications, rather than weaknesses such as desktops, mobile devices, and portable media.