Verizon released its 15th annual report on data breaches last week, finding that ransomware attacks increased by 13 percent in a single year—representing a jump greater than the prior five years combined.
The Verizon Business 2022 Data Breach Investigations Report (2022 DBIR) includes an analysis of 23,896 security incidents, including 5,212 confirmed data breaches, with the incidents described taking place from Nov. 1, 2020, to Oct. 31, 2021.
Noting that the past year has also been dominated by supply chain issues for many businesses, a media statement summarizing some report highlights noted that this trend was also reflected across the cybersecurity landscape with some 62 percent of system Intrusion incidents come through an organization’s partner. “Compromising the right partner is a force multiplier for cybercriminals, and highlights the difficulties that many organizations face in securing their supply chain,” the statement said.
Other key findings:
- Roughly four out of five breaches can be attributed to organized crime.
- One-quarter of the total breaches in the 2022 report were the result of social engineering attacks.
- Combining social engineering situations with other human errors and breaches resulting from misuse of privilege, the human element accounts for 82 percent of analyzed breaches over the past year.
Separately, Coalition, a managing general insurance agency and cybersecurity InsurTech company, which provided Verizon with access to its Internet scanning data for the report, offered advice to brokers about how then can use the Verizon DBIR) to talk about cyber insurance with customers in a blog item. The blog post authored by Tiago Henriques, director of engineering, highlights the points above and also makes note of several pages of the report devoted to “very small businesses,” defined as those with 10 or fewer employees. This is the first time such small businesses were specifically addressed in the report. “Threat actors have the ‘we’ll take anything we can get’ philosophy when it comes to cybercrime,” the report says, supported by finding 832 incidents for the group last year.
Coalition data used for the DBIR is part of Coalition’s Active Risk Platform, which analyzes complex sets of public data, threat intelligence, and proprietary claims information to create personalized risk assessments and threat monitoring.
Sources: Verizon; Coalition