5 Takeaways from the Verizon Data Breach Investigations Report 2023

The 2023 Verizon Data Breach Investigations Report is out, and the researchers behind it have once again found that financial gain was the motivation for 95% of data breaches. Web applications continue to be the top attack vector.
Sebastian Brandes
Sebastian Brandes

The Verizon Data Breach Investigations Report (DBIR) is an annual report that provides insights into the latest trends in data breaches. The 2023 DBIR analyzed 16,312 security incidents (of which 5,199 were confirmed data breaches) taking place between November 1, 2021 and October 31, 2022.

Here are the top 5 takeaways from the report:

  1. Financial motivations drive most cyberattacks. The report found that financial gain motivated 95% of data breaches. This is consistent with previous years, showing that money primarily motivates cybercriminals.
  2. Social engineering remains a top threat. Social engineering attacks, such as phishing and pretexting, were responsible for 17% of all data breaches. This is a significant increase from the previous year, and it shows that cybercriminals are increasingly using social engineering to trick victims into giving up their personal information.
  3. Malware and ransomware continue to haunt victims. Malware and ransomware were responsible for 32% of all data breaches. This is a slight decrease from the previous year, but it still shows that these threats are a significant concern for organizations.
  4. SMBs are at risk. Small and medium-sized businesses (SMBs) were disproportionately targeted in data breaches. SMBs accounted for 44% of all data breaches, despite only making up 20% of the global economy.
  5. Web applications are the top attack vector. The report found that web applications were the top attack vector for data breaches, accounting for 43% of all breaches alone. This is a significant increase from the previous year, and it shows that cybercriminals are increasingly targeting web applications to steal sensitive data.

We highly recommend downloading and having a look at the report. Unlike many other industry reports in the security vertical, the 2023 DBIR is humoristically written, making it quite a joy to read. At the same time, it gives an evident look into why data breaches occur and which attack vectors are the most vulnerable.

You can view the report online or download it as a PDF file. Reading it online gives the best experience, however. Get your coffee ready and start reading the results on Verizon's website.

Want to learn more?

We'd be happy to help you secure your web app infrastructure. 🔒

Minimize your attack surface

Book a meeting with one of our security experts and learn how Heyhack can help you secure your web applications and services across your domains.
Put penetration testing on autopilot and immediately reduce your AppSec risk.
Book a demo
Start for free
“Heyhack helps us gain a complete overview of the security of our application and patch vulnerabilities early.”
Søren Viuff
CPO of Openli

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

Automatically scan and test your web application portfolio and stay on top of security vulnerabilities to avoid cyber attacks and data breaches.

Heyhack
Solutions
Compliance
About
© 2023 Heyhack ApS