Verizon's latest report covers data breaches investigated during 2012 by the company's RISK Team and 18 other organizations from around the globe, including various law enforcement agencies (including the U.S. Secret Service) and national computer emergency response teams (CERTs).
The report compiles information from more than 47,000 security incidents and 621 confirmed data breaches resulting in over 44 million compromised records across 27 countries. But what's particularly notable is that this is the first time Verizon has incorporated information on breaches resulting from state-sponsored cyberespionage attacks. In fact, such attacks accounted for 19% of the data breaches covered in the report, with more than 95% of the associated cases originating from China.
The full Verizon report is 63 pages long. Here are a few of the most-notable highlights:
- 37% of breaches affected financial institutions; 24% retail
- 92% of breaches were perpetrated by outsiders
- 19% of breaches attributed to state-affiliated actors
- 52% of breaches used some form of hacking
- 40% of breaches incorporated malware
- 29% of breaches leveraged social tactics
- 78% of initial intrusions rated as low difficulty
- 69% of breaches discovered by external parties
- 66% took months or more to discover