Verizon’s 2024 Data Breach Investigations Report: Key insights

10 May 2024

The 2024 Data Breach Investigations Report (DBIR) is out, providing an in-depth look at the latest trends in cybersecurity. This year’s findings reveal some critical insights: a significant increase in vulnerability exploitation, the continuing impact of ransomware and extortion tactics, the crucial role human error plays in breaches, and the rising threats from supply chain attacks. 

Take a look at these highlights to benchmark your security posture against wider industry standards.

Vulnerability Exploitation

  • Vulnerability exploitation has nearly tripled (180% increase).
  • Main entry point: Web applications.
  • Average time to remediate 50% of critical vulnerabilities: 55 days.

Continuous security validation is crucial when new critical vulnerabilities inevitably emerge, giving you a better chance to reduce or eliminate their impact.

The Impact of Ransomware and Extortion Techniques

  • A third of all breaches involved ransomware or some extortion technique.
  • Ransomware affects 92% of industries but is down to 23% of cases.
  • The ransom demanded depends on company revenue, averaging 1.34% of revenue.
  • Median loss from these attacks: $46,000, with almost all ranging between $3 and $1,141,467.

Pure extortion (with no encryption), rare in 2022, is gaining frequency. Moving to a Continuous Threat Exposure Management (CTEM) strategy helps to validate whether these extortion techniques can be successfully executed in your environment.

The Human Factor

  • Human error is involved in 68% of breaches.
  • Median time to click a phishing link: 21 seconds.
  • Median time to enter data post-click: 28 seconds.
  • Median time to fall for a phishing email: over 60 seconds.

Knowing where human fallibility occurs allows you to focus on security processes that will minimize its impact.

Supply Chain and Internal Threats

  • Supply chain attacks are up by 68% from last year, accounting for 15% of breaches.
  • External malicious actors account for 65% of incidents.
  • Internal threat incidents account for 35%.

The increase over previous years signals a pressing need for monitoring third-party tools and validating access privileges.

Adopting Effective Security Strategies

The DBIR findings highlight the urgent need for stronger cybersecurity measures. Traditional defenses do not suffice against a growing and increasingly complex threat landscape. Based on the report’s findings, organizations would do well to adopt continuous security validation, employee training, and rigorous third-party monitoring.

For more industry statistics on how security leaders in enterprises across the globe are managing their pentesting programs, see the full Pentera State of Pentesting Report 2024.
