It’s Back for Spring 2016: The Annual Verizon Data Breach Investigations Report

Butler Snow LLP

Last year around this time we examined the results of Verizon’s annual Data Breach Investigations Report (DBIR).  As in year’s past, Verizon analyzed the data it received from companies across the country about security incidents and data breaches the companies experienced.  In total, Verizon examined over 100,000 incidents from across eighty-two countries.  The results of the analysis provide key insights into the constantly evolving world of cyber-security. While it is not a quick read, it is a must read for companies that want to stay on top of today’s security risks and vulnerabilities.  Without further ado, the results of this year’s report:

Financial gain was still the number one motivator behind data breaches.  Industries hit hardest with confirmed data breaches this year were finance, accommodation, information, and public.   63% of confirmed data breaches involved weak, default or stolen passwords.  A large majority of breaches are still caused by “miscellaneous error,” which includes incidents like sending an email to the wrong recipient and not disposing of documents properly.  Phishing retained its status as the method of choice for would be hackers, and resulted in 9,576 incidents in 2015.  30% of phishing messages were opened by recipients, which is a 7% increase from last year. About 12% of the people went on to click the malicious attachment.  On average, these emails get opened within two minutes.  Shockingly, only 3% of targeted individuals alerted management of the phishing email.

What does all this mean? Verizon said it best, “what we have here is a failure to communicate.”  These numbers establish that “the communication between the criminal and the victim is much more effective than the communication between employees and security staff.”  As a result, companies should implement routine employee security awareness training and exercises, as well as, implement a hassle-free way for employees to report incidents.  Companies should ensure that employees are required to regularly change passwords and cannot duplicate them across networks.  Finally, companies should keep a record of common “miscellaneous errors” that have plagued the organization and then implement employee training which is targeted to minimize these errors in the future.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Butler Snow LLP | Attorney Advertising

Written by:

Butler Snow LLP

Butler Snow LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.