Introduction

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

  • Welcome to the 15th annual Verizon Data Breach Investigations Report! It is truly hard to believe that it has been 15 years since our inaugural installment of this document. Were we to indulge our imaginations with anthropomorphic comparisons, we might find this report having its braces removed, finally being able to get a driver’s permit, overusing sarcasm, perhaps becoming a bit goth and generally being unappreciative. But we won’t bother with all that. We will simply say THANK YOU! Thank you to our contributors for your continued willingness to share your data, insight and vast experience in a selfless effort to improve this industry. A huge thank you to our readers for sticking with us through this long and epic journey, for being the reason we work so hard to produce this report, and most of all, for keeping us from having to get real jobs. 

    The past few years have been overwhelming for all of us. Just when we think we have reached the uttermost limit of our ability to be surprised, the world throws us yet another curve ball. Honestly, at this point, we here on the team would not so much as blink if Sasquatch were elected Governor, if Area 51 opened a bed and breakfast, or if ransomware increased yet again. Spoiler alert–one of those things did, in fact, happen. (Congrats, Squatch! You deserve it.) 

    The past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cybercrime. From very well publicized critical infrastructure attacks to massive supply chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months. As always, we will examine what our data has to tell us about these and the other common action types used against enterprises. Also, in honor of the 15th edition of the DBIR, we will occasionally refer back to comments, charts, and figures from previous editions of this report to see how far we, as an industry, have come, and how the threat landscape and the techniques threat actors utilize have changed. This year the DBIR team analyzed 23,896 security incidents, of which, 5,212 were confirmed data breaches.

    With that in mind, let’s revisit the Introduction to the 2018 DBIR:

    “The DBIR was created to provide a place for security practitioners to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime. That need to know what is happening and what we can do to protect ourselves is why the DBIR remains relevant over a decade later. We hope that as in years past, you will be able to use this report and the information it contains to increase your awareness of what tactics attackers are likely to use against organizations in your industry, as a tool to encourage executives to support much-needed security initiatives, and as a way to illustrate to employees the importance of security and how they can help.”

    From that perspective, we are proud to say that nothing has changed, and we hope you both enjoy the report and find the information it contains useful. Thanks again, for everything. 

     

    The DBIR Team

    Gabriel Bassett, C. David Hylender, Philippe Langlois, Alex Pinto, Suzanne Widup

    Special thanks to Dave Kennedy of the Verizon Threat Research Advisory Center (VTRAC) for his continued support and yearly contribution to this report, and to the Verizon Sheriff Team for their invaluable assistance.

Let's get started.