
Verizon DBIR 2021: Ransomware, Web App and Phishing Attacks Dominate

Data breaches from 2020 show that not much has changed over the last year: businesses continue to struggle with the basics of securing web apps, cloud deployments and educating employees


The annual bible of security breaches landed on Thursday with confirmation of more bad news: ransomware attacks continue to explode as organizations struggle with securing web apps, cloud deployments and employees victimized by social engineering.

The data, contained in the new Verizon 2021 Data Breach Investigations Report (DBIR), shows that data-encrypting ransomware attacks appear in about 10 percent of breaches, more than double the frequency from last year.

After crunching the data, the DBIR found that the ransomware spike was influenced by new tactics, where some ransomware actors are stealing the data and naming-and-shaming victims during extortion negotiations. 

“These actors will first exfiltrate the data they encrypt so that they can threaten to reveal it publicly if the victim does not pay the ransom,” the report said, noting that ransomware is now in third place among actions causing breaches.

The report also calls out a spike in attacks against web applications, noting that web-app hacks are the main attack vector in the “hacking actions” category, accounting for more than 80 percent of all documented data breaches.

The 2021 DBIR is based on the analysis of nearly 30,000 incidents (including DDoS attacks) and more than 5,200 confirmed data breaches. While the overall number of incidents is smaller than in the past two years, the number of breaches has continued to increase: roughly 2,000 breaches were analyzed for the 2019 report and 4,000 for the 2020 report.


Of the 5,258 confirmed data breaches, 885 impacted organizations in the public administration sector. This was the sector that reported the highest number of breaches, followed by professional services (630), healthcare (472), financial and insurance (467), information (381), education (344), mining (335), manufacturing (270) and retail (165).

Social engineering has been the biggest threat to organizations in the public administration and mining and utilities sectors. The number of breaches involving social engineering in these two sectors is higher than for all other sectors combined. 

Organizations in North America reported more than 13,000 incidents and over 1,000 data breaches last year, according to data from Verizon. In the vast majority of cases, the attacks were launched by financially motivated actors, with social engineering, hacking and malware being their favorite tools.

More than 5,000 of the incidents and nearly 1,500 of the confirmed data breaches covered by the latest DBIR impacted organizations in the APAC region, where the most common type of attack involved financially motivated hackers phishing employee credentials and using them to access email accounts and web application servers.

The theft of credentials was also very common in the EMEA region, where there were more than 5,000 incidents and nearly 300 confirmed data breaches. 


Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
