For those who lack the time to read the entire report, here are some of the key findings along with some comments.

Attackers

• 75% of breaches done by outsiders.
• 25% involved internal actors.
• 18% state actors.
• 51% involved organized crime actors.

I see 25% involving internal actors as quite high, but that depends on the definition of “involved”.

Targets

• 24% of breaches affected financial organizations
• 15% of breaches affected healthcare
• Public sector were third at 12%
• Retail and hospitality combined for another 15% of breaches.

Tactics

• 62% of breaches used “hacking”
• 51% of breaches used malware
• 81% leveraged stolen/weak passwords
• 43% were social engineering based

What does “hacking” mean? And how much hacking did or did not involve malware?

Other findings

• 66% of malware got in via email
• 73% of breaches were financially motivated
• 21% of breaches were espionage related
• 27% were discovered by third parties

Analysis

I find the 1/4 insider involvement to be high. Not saying it’s wrong. Just saying it seems high.

I think they could use a better term than “hacking” to describe their most common type of tactic. Perhaps “manual intervention”?

I’d love to see some sort of analysis of controls in this report, or a similar report. So basically what controls from say the CIS set are most recommended this year based on the DBIR findings?

That’s not a bullseye because every company is different, but maybe they could do a recommended controls list for each industry or something.

Anyway, solid stuff as usual from he team. And I enjoyed the summary as well.

Notes

1. I imagine a lot of these questions were answered in the full version of the report. This is analysis of the executive summary.