Nearly half of EMEA data breaches were due to internal blunders in 2023

Cyber security concept image showing digitized padlock sitting on a computer circuit board.
(Image credit: Getty Images)

Almost half of the data breaches in EMEA are initiated internally, according to new research from Verizon's annual Data Breach Investigations Report.

Across the region, it said, the top reasons for cyber security incidents are miscellaneous errors, system intrusion, and social engineering, which account for 87% of breaches. The most common types of data compromised are personal, at 64%, internal, at 33%, and credentials at 20%.

Similarly, more than two-thirds of breaches globally, whether they include a third party or not, involve a non-malicious human action - around the same percentage as last year.

However, reporting practices appear to be improving, with 20% of users identifying and reporting phishing in simulation engagements, and 11% of users who clicked on emails also reporting it.

"The persistence of the human element in breaches shows that organizations in EMEA must continue to combat this trend by prioritizing training and raising awareness of cyber security best practices," said Sanjiv Gossain, EMEA vice president for Verizon Business.

"However, the increase in self-reporting is promising, and indicates a cultural shift in the importance of cyber security awareness among the general workforce."

Zero-day vulnerabilities are still a persistent threat, with the exploitation of vulnerabilities as an initial point of entry increasing since last year, and now accounting for 14% of all breaches.

This spike, Verizon said, was driven mainly by the scope and growing frequency of zero-day exploits by ransomware actors - most notably the MOVEit breach.

Alistair Neil, EMEA senior director of security at Verizon Business, said this is largely due to the interconnectedness of supply chains.

"Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues," he commented.

Encouragingly, the rise of AI was found to be less of a threat than challenges in large-scale vulnerability management.

"While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to rapidly advance their approach and focusing their use of AI on accelerating social engineering," said Chris Novak, senior director of cyber security consulting.

Around a third of all breaches involved some type of extortion technique, including ransomware. Over the past two years, a quarter of financially motivated incidents involved pretexting, and the use of stolen credentials has appeared in almost a third of all breaches over the last ten years.

"The Verizon DBIR shows it's still the basic security errors putting organizations at risk, such as long windows between discovering and patching vulnerabilities, and employees being inadequately trained to identify scams," commented William Wright, CEO of Closed Door Security.

"This needs to change as a priority because no business can afford to gamble or take chances with cyber hygiene. Just look at Change Healthcare, the breach was executed via an unsecured employee credential and the organization is now facing over a billion in losses. No other organization wants to find itself in this position."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.