

Understand Your Data Breach Risk – 10 Facts and Stats

September 10, 2021

These 10 Cybersecurity Statistics Can Help You Understand Your Data Breach Risk

Statistics: Primary Causes of Cloud Data Breaches

The IT professionals surveyed in The State of Cloud Security 2021 pointed to plenty of factors as the causes of a cloud data breach. Spoiler alert: none of them are cybercriminal hackers.

  • 32% say too many APIs and interfaces to govern  
  • 31% cite lack of adequate controls and database oversight 
  • 27% point to lack of policy awareness around data security
  • 23% blamed old-fashioned negligence   
  • 21% said they are not checking Infrastructure as Code (IaC) prior to deployment 
  • 20% admitted that their IT team oversight is at fault 

10 Important Facts to Remember from the Verizon/Ponemon Institute Data Breach Investigations Report 2021

1. 85% of breaches involved a human element.

This is important because it illustrates that the top cause of data breaches is still human beings, specifically errors made by employees. Diving deeper, the top error that spawns data breaches is misconfiguration. In second place, misdelivery is still riding high on the chart. That includes accidentally sending someone information that they’re not authorized to have or sending the wrong information outside the organization.

2. 3-time champion phishing remained the top threat action that resulted in a breach.

To no one’s surprise, phishing remains the top data breach threat for the third year in a row. It actually increased by 10%, which tracks with the tremendous increase in email volume and record-breaking cybercrime rates that started in March 2020. This category does not include ransomware, which has become such a behemoth that it has its own category these days. This reinforces how crucial phishing defense is for every business.

3. The number of breaches that involved ransomware doubled.

The villain of the year in 2020 was ransomware, and that’s reflected in this report. The number of breaches studied that included ransomware doubled, a confirmation of just how dangerous this phishing-related threat is for every organization. Ransomware is already up by more than 100% in 2021 over record numbers in 2020 and it’s still climbing, making this the top security concern for 2021. Eliminating ransomware threats starts with eliminating phishing incidents.

4. 61% of breaches involved credentials.

Everyone wants to do things the easy way, even cybercriminals. The easy way for them to snatch up data is to obtain credentials through phishing, making strong access control a necessity. But beyond just phishing a credential from an employee, huge quantities of dark web records, including 22 million more added in 2020, provide ample resources for password cracking. Taking the power out of stolen or cracked passwords is one of the prime benefits of multifactor authentication (MFA), and every company needs to be using it now.

5. 85% of social engineering actions that lead to a data breach are done via email.

Once again, there’s no surprise here but there is a strong illustration of why phishing resistance training is absolutely vital. Cybercriminals are using many different lures to entice employees into action through social engineering and they can be difficult to unmask. Phishing resistance training that teaches employees to spot and reject social engineering tricks, especially sophisticated social engineering attempts, is critical to keeping cybercriminals away from data.

6. 23% of monitored organizations experienced brute force or credential stuffing attacks.

Remember credential stuffing? It seems like all that the security world has been talking about is ransomware, but credential stuffing is just as dangerous. Almost a quarter of breaches last year were the fruit of credential stuffing, with 95% of them getting hit with between 637 and 3.3 billion credentials in order to force entry. This is an important reason why single sign-on (SSO) is a must-have for access control. In case of trouble, SSO enables techs to quickly isolate a compromised user account and prevent further intrusion.

7. Over 80% of breaches were discovered by external parties.

This should be a troubling number for anyone securing data. More breaches are discovered by researchers than internal teams, a strong indication that lax cybersecurity practices can create big problems. Increased security awareness training and a strong cybersecurity culture are the prescription for increasing vigilance to make sure that breach risks are caught sooner rather than later.

8. Credentials remain the most sought-after data type and personal data is the second most sought-after data type.

Continuing its winning streak, credentials are the most desirable data for cybercriminals to snatch. It’s not a surprise that gaining access to the heart of a business is at the top of the cybercriminal wishlist. Credentials make it easy for them to conduct multiple operations quickly. Personal data remains in second place, valued both for its usefulness in identity theft and spear phishing.

9. The majority of known data breaches involve loss of personal data, quickly followed by medical data.

Bad actors want personal data to power all sorts of cybercrime operations, and they’re working hard to get it. Thanks to the hot market for COVID-19 data in 2020, medical data is in second place. A record number of breaches at hospitals, laboratories, pharmaceutical companies and even medical data processors bears out that conclusion. Anyone who handles data like this needs to be maintaining strong access controls and phishing resistance training to keep cybercriminals out of it.

10. Business Email Compromise (BEC) is the second most common vector for social engineering.

Although the primary reason that cybercriminals chose to conduct sophisticated social engineering attacks in 2020 was phishing for credentials, BEC scams took their turn in the spotlight. These fraud attempts were also buoyed by high email volumes and uncertainty as many inexperienced remote workers created a bumper crop of targets ripe for the picking. Reliance on doing business remotely also made 2020 the perfect year for BEC. Companies will benefit from stepping up security awareness training around BEC to avoid trouble from this constant threat.

These cybersecurity statistics show that every business is in danger of a data breach. Allow Optistar Technology Consultants to help you secure your data. Contact us for more information, or visit here to schedule a free 30-minute phone consultation to learn more!
