Verizon 2023 Data Breach Investigations Report: Frequency and Cost of Social Engineering Attacks Skyrocket
Verizon Business has released the results of its 16th annual Data Breach Investigations Report (2023 DBIR), which analyzed 16,312 security incidents and 5,199 breaches. Chief among its findings is the soaring cost of ransomware – malicious software (malware) that encrypts an organization’s data and then extorts large sums of money to restore access.
The median cost per ransomware incident doubled over the past two years, with 95 percent of ransomware incidents that experienced a loss costing between $1 million and $2.25 million. This rise in cost coincides with a dramatic rise in frequency. Last year, the number of ransomware attacks was greater than the previous five years combined. That prevalence held steady this year: Representing almost a quarter of all breaches (24 percent), ransomware remains one of the top cyberattack methods.
The human element still makes up the overwhelming majority of incidents, and is a factor in 74 percent of total breaches, even as enterprises continue to safeguard critical infrastructure and increase training on cybersecurity protocols. One of the most common ways to exploit human nature is social engineering, which refers to manipulating an organization's sensitive information through tactics like phishing, in which a hacker convinces the user into clicking on a malicious link or attachment.
Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business says, “Senior leadership represents a growing cybersecurity threat for many organizations. Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”
Craig Robinson, Research Vice President at IDC says, "Globally, cyber threat actors continue their relentless efforts to acquire sensitive consumer and business data. The revenue generated from that information is staggering, and it's not lost on business leaders, as it is front and center at the board level. Verizon's Data Breach Investigations Report provides deep insights into the topics that are critical to the cybersecurity industry and has become a source of truth for the business community."