According to the Verizon Business Data Breach Investigations Report, web applications represented 39% of all data breaches in the last year, with phishing attacks jumping 11% and ransomware up 6% from a year ago.
Based on 5,358 breaches from 83 contributors worldwide, the report highlights how the COVID-19 pandemic move to the cloud and remote work opened up a few avenues for cybercrime.
Verizon Business found that 61% of all breaches involved credential data. Consistent with previous years, human negligence was the biggest threat to security.
Each industry in the DBIR had its security nuances. For instance, 83% of data compromised in the financial and insurance industry was personal data, said Verizon Business. Healthcare was plagued by the misdelivery of electronic or paper documents. In the public sector, social engineering was the technique of choice.
By region, Asia Pacific breaches typically were caused by financial motivations and phishing. In EMEA, web application attacks, system intrusion, and social engineering were the norm.
Here are some more figures to ponder in the Verizon
Business DBIR:
- 85% of breaches involved a human element.
- 61% of breaches involved credentials.
- The ransomware appeared in 10% of breaches, double the previous year.
- Compromised external cloud assets were more common than on-premises assets in incidents and breaches.

