Report finds 90% of data breaches are financially motivated

A concept image of a hacker behind a stream of binary
(Image credit: Shutterstock)

Verizon's Business 2020 Data Breach Investigation Report (2020 DBIR) found that over 90% of data breaches were financially motivated as hackers look to remain financially solvent.

Based on a study of 32,002 incidents and 3,950 confirmed incidents across 81 countries, the report also highlighted a 43% spike in web application breaches.

According to those surveyed, financially motivated breaches accounted for 91% of cyber security incidents in Northern America, compared to 70% of breaches Europe, the Middle East and Africa and 63% in the Asia Pacific region. In North America, 79% of hacking breaches leveraged stolen credentials in their attacks, while 33% of breaches employed phishing or pretexting techniques.

In Europe, the Middle East and Africa, over 80% of malware incidents pointed to denial of service (DoS) attacks while 40% of breaches used a combination of techniques to target vulnerable web applications. Another 14% of breaches have been associated with cyber-espionage.

Alex Pinto, lead author of the report commented: “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber crime - our data shows that is not the case. Financial gain continues to drive organized crime to exploit system vulnerabilities or human error.

"The good news is that there is a lot that organizations can do to protect themselves, including the ability to track common patterns within cyber attack journeys - a security game-changer - that puts control back into the hands of organizations around the globe.”

The 2020 DBIR also took note of a 43% increase in web application breaches, double the number reported in 2019. In 80% of these cases, threat actors used stolen credentials to carry out their campaigns. Cases of ransomware also grew by 3% to account for 27% of all malware attacks, and 18% of businesses reported they blocked at least one ransomware attack in 2019.

Tami Erwin, CEO of Verizon Business, warned: "In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious."