Phishing, ransomware, web app attacks dominate data breaches in 2021, says Verizon Business DBIR

Web applications represented 39% of all data breaches in the last year with phishing attacks jumping 11% and ransomware up 6% from a year ago, according to the Verizon Business Data Breach Investigations Report.

The report, based on 5,358 breaches from 83 contributors around the world, highlights how the COVID-19 pandemic move to the cloud and remote work opened up a few avenues for cybercrime.

Verizon Business found that 61% of all breaches involved credential data. Consistent with previous years, human negligence was the biggest threat to security.

Each industry in the DBIR had its own security nuances. For instance, 83% of data compromised in the financial and insurance industry was personal data, said Verizon Business. Healthcare was plagued by the misdelivery of electronic or paper documents. In the public sector, social engineering was the technique of choice.

By region, Asia Pacific breaches typically were caused by financial motivations and phishing. In EMEA, web application attacks, system intrusion, and social engineering were the norm.

Here are some more figures to ponder in the Verizon Business DBIR:

  • 85% of breaches involved a human element.
  • 61% of breaches involved credentials.
  • Ransomware appeared in 10% of breaches, double the previous year.
  • Compromised external cloud assets were more common than on-premises assets in incidents and breaches.

Verizon Business DBIR 2021