Verizon data breach study finds cyber espionage on the rise

Verizon data breach study finds cyber espionage on the rise
© Getty Images

Cyber espionage is the most common form of attack targeting manufacturing companies, the public sector and education organizations, Verizon found in its annual investigative report on data breaches released Thursday.

The company's latest report analyzed nearly 2,000 breaches around the world, identifying more than 300 as espionage-related.

Verizon's study also found a 50 percent increase in ransomware attacks over the previous year. More than half of the data breaches analyzed used malware, with ransomware becoming the fifth-most commonly used variety.

The top three industries targeted by data breaches were financial services, healthcare and the public sector, representing 25 percent, 15 percent and 12 percent of the breaches reviewed, respectively, according to the report.

The study also found that nearly 7 in 10 healthcare threat actors were inside the targeted organization. 


Large organizations are not the only focus — more than 60 percent of the victims analyzed in the latest report were businesses with less than 1,000 employees.

Unsurprisingly, the study also shows that lax security practices are a major vulnerability for businesses. More than 8 in 10 of the hacking-related breaches involved the use of stolen or weak passwords.

The report, which includes a number of takeaways for specific industries, draws on collective data of breaches and incidents investigated by Verizon or its 65 partner organizations globally. 

“The cybercrime data for each industry varies dramatically,” Bryan Sartin, the executive director of Global Security Services at Verizon Enterprise Solutions, said. 

“It is only by understanding the fundamental workings of each vertical that you can appreciate the cybersecurity challenges they face and recommend appropriate actions.” 

“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference,” he said. “Often, even a basic defense will deter cybercriminals who will move on to look for an easier target.”