Verizon’s 2020 DBIR: The Threat Landscape Continues to Explode

By Paladion

May 19, 2020

Threats are inevitable, but that does not mean you are powerless to protect yourself.

You can fight back… analyzing threat data is one of the first steps to develop a holistic cybersecurity strategy. And today, we are providing just that, through a critical new report that we are proud to have contributed to.  

Enter Verizon’s 2020 Data Breach Investigation Report (DBIR)

Verizon has just published its 2020 Data Breach Investigation Report (DBIR).

This is the 13th year that Verizon has published this report, and over that period it has become one of the gold standards of cybersecurity data collection, analysis, and reporting— and every year it just gets better.

For their 2020 report, Verizon analyzed 157,525 security incidents, up from analyzing just 41,000 security incidents in their 2019 report. These incidents resulted in 3,950 confirmed data breaches that Verizon analyzed in-depth throughout its report.

Verizon compiled these data from 81 different contributing security organizations, spread across 81 countries, and these data represent incidents occurring in 16 different verticals.

It is a massive and critical undertaking, and we are proud to have once again contributed our own datasets to Verizon’s report to shine an honest and comprehensive light on the state of cybersecurity and to help organizations like yours better understand what you are up against and what you can do to stand your ground and resist the threats at your door.

And Verizon’s 2020 DBIR makes it clear that those threats are real, they are dangerous, and they are worth raising your defenses against as quickly and as thoroughly as possible.

New call-to-action

Verizon’s 2020 DBIR: Key Findings

Reviewing the DBIR’s data, we uncovered a few big themes that drive today’s cybercrime.

  • Theme One: Every Vertical is Vulnerable, But Some More Than Others

    While every vertical was attacked and successfully breached in 2020, some verticals attracted far more attention than others. Of the 3,262 breaches that were successfully attributed to a specific industry, over half (1,710) of those breaches occurred within just four verticals— Healthcare (521), Finance (448), Manufacturing (381), and Information (360).

While Healthcare and Finance were the most-breached verticals, the data suggests Manufacturing (the third most-breached vertical) was the hardest hit by these attacks.

Every other vertical experienced a near-equivalent number of small and large breaches. Yet the vast majority of breaches in Manufacturing were significant— 185 large breaches, compared to just 5 small breaches—suggesting a much greater state of vulnerability to suffering real harm within this vertical.

  • Theme Two: You Face Multiple Threat Vectors

    Once again, there is no single, dominant form of attack driving today’s threat landscape. Nearly half of breaches (45%) featured Hacking, but that is the closest to a common enemy that we find. Both Errors and Social Attacks were causal events in 22% of breaches, each. Malware only accounted for 17% of breaches, followed by misuse by authorized users (8%) and physical security breaches (4%).

While 86% of breaches were financially motivated, the actual malicious actors behind the threats varied wildly. 70% of breaches were caused by external actors, and 30% by internal, while 55% of breaches were caused by organized criminal groups. Interestingly, these groups appear to be working alone, as only 1% of breaches featured multiple parties.


  • Theme Three: Criminals Are Targeting Multiple Assets

    The DBIR also found that breaches targeted and compromised a wide variety of assets. Approximately 40% of breaches targeted a web application, while approximately 25% targeted desktops or laptops. However, a meaningful percentage of threats continued to target mail, databases, documents, and end-users, suggesting that no asset within the enterprise is truly safe from attack.

Cloud-based breaches, in particular, focused on email and web application servers 73% of the time, while 77% of Cloud-based breaches involved stolen credentials, suggesting that malicious actors continue to find fast, easy, and direct routes into Cloud infrastructure that bypasses internal security controls and configurations.

The Good News: Next-Generation Cybersecurity Appears to be Working

While most of the data presented in Verizon’s report is troubling, we wanted to highlight a sign of hope— 81% of the breaches they examined were contained in days or less.

Consider this fact for a moment. Over the years, we have seen organizations struggle to rapidly detect, respond to, and remediate breaches. The average time to identify and remediate a breach has traditionally been weeks, months, or, at times, even years. And yet, most of the organizations breached were now able to eliminate their threat before that threat had time to fully develop and cause a catastrophic breach.

Now, that does not mean that organizations are in the clear when it comes to cybersecurity. Far from it. This data simply suggests that organizations are beginning to take it seriously, and are investing in the capabilities required to protect themselves after the worst-case scenario has occurred.

As you consider your own security posture, and look at the improvements you seek to make in 2020, consider whether or not it is time to join the wealth of companies that are looking at the threats facing them, and doing whatever it takes to develop the ability to fight back— before, during, and after those threats strike.

To learn more about the threats you face, download your copy of Verizon’s report.

To discuss bringing Paladion to your defence, contact us today.