
Insights from Verizon’s 2019 Data Breach Report


$40 million stolen from the Binance cryptocurrency exchange yesterday by cybercriminals. Hackers infiltrating hundreds of Amazon merchant accounts late last year. The ongoing impact from the massive 2017 Equifax data breach exposing more than 148 million records.

The hit parade of cybersecurity breaches never lets up in this global, always-on, online world.

Verizon’s 2019 Data Breach Investigations Report (DBIR) provides insight from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private, covering 86 countries. We’ve got some leading cybersecurity experts to help provide a perspective.

Adam Laub, SVP of Product Management, STEALTHbits Technologies said, “The 2019 Verizon Data Breach Investigations Report did not disappoint in terms of providing an interesting and captivating analysis of the past year’s data breach happenings. While there didn’t appear to be any particularly shocking findings with regards to attack TTPs, motives, industry statistics, or attack timelines, the 2019 DBIR again delivered the message – perhaps indirectly – that the absence of foundation-level and layered security controls, internal security discipline, and general security awareness are the common denominators in the data breach dilemma.”

Data breach report highlights

Verizon’s investigation showed 69% of data breaches were by outsiders and a surprising 34% involved insiders. Organized criminal groups were behind 39% of events and 23% were identified as “nation-states.”

The attacks were wide-ranging, including hacking (52%) and social media attacks (33%). 71% of the attacks were financially motivated, while 25% were identified as espionage.

“The vast majority of security tools focus on user endpoints – laptops, desktops, mobile. But 80-90% of current incidents involve corporate servers, whether on-premises or in the cloud. Analysts like Gartner are stressing that user endpoint security tools are not effective in protecting servers or cloud workloads – in fact, they are dangerous because they provide a false sense of security. Server-side security requires much more attention,” said Satya Gupta, CTO, and Co-founder of Virsec.

The report also noted, “Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches.”

Who got hacked?

Verizon said 43% of the victims were small businesses, while others included the public sector (16%), healthcare (15%), and the financial industry (10%).

Michael Magrath, Director, Global Regulations & Standards at OneSpan said, “The use of stolen credentials on banking applications remains common. The authors, like most security experts, recommend multifactor authentication to combat this vector of attack. Until strong customer authentication is mandated through regulation, hackers will continue to steal login credentials. However, with secure, frictionless authentication solutions becoming commonplace, the use of stolen credentials is expected to significantly drop in future reports.”

C-suite executives were also a notable target, with these leaders twelve times more likely to be the victim of social incidents and nine times more likely to be the target of social breaches than in previous years.

“The two most significant trends that stick out to me are the increased targeting of C-level executives and the need for standardization and visibility within organizations. The drastic increase in social attacks on C-level personnel points to the increased demand for cybersecurity awareness in the C-suite. More and more we are seeing information security leaders brought into business side discussions to provide cyber-focused insights and feedback on business strategy. The flywheel effect at work – involvement of cyber leaders and increased awareness in the executive suite – has an ongoing positive effect, a necessary change given that personnel, as well as systems, are under attack,” said George Wrenn, CEO of CyberSaint Security.

The Verizon 2019 Data Breach Investigations Report is valuable reading for executives concerned with cybersecurity. You can read the Executive Summary here for further insight.
