Verizon has released the 2024 DBIR, the seventeenth edition of its Data Breach Investigations Report and an exhaustive analysis of the main trends, tactics, and consequences of cybersecurity incidents worldwide. Compiled from over 30,000 real security incidents (and more than 10,600 confirmed breaches) across 94 countries, this report provides clear insight into the threat landscape and the best practices for addressing it. Below is a summary of the most relevant points and recommendations derived from the study.
1. Increasing number of breaches and global scope
The report confirms a continuous rise in reported incidents. During the period analyzed (from November 1, 2022, to October 31, 2023), 30,458 security incidents were recorded, of which 10,626 were confirmed data breaches. This figure is a record high in the DBIR’s historical series, further highlighting the participation of organizations of all sizes and sectors.
2. Main attack patterns
The DBIR groups incidents into eight patterns:
1. System Intrusion: Continues to lead breach classifications, accounting for 36% of the total. This pattern involves sophisticated attacks based on a combination of hacking and malware, often aiming to deploy ransomware or exfiltrate critical data.
2. Social Engineering: This category encompasses attacks that compromise the “human” element as a fundamental asset, with a noticeable rise in pretexting (a form of Business Email Compromise, BEC) and phishing. The human factor remains pivotal, present in 68% of breaches.
3. Basic Web Application Attacks: While still very relevant—often involving stolen credentials from vulnerable web apps—its proportion decreased slightly in 2024, due to the growth of System Intrusion and human errors.
4. Miscellaneous Errors: This category has grown considerably, reaching 28% of breaches. It includes breaches caused by negligence or mistakes in system configuration, sending sensitive information to the wrong recipients, or accidentally exposing data in the cloud.
5. Privilege Misuse: Focuses on the improper use of internal privileges by employees or contractors. Although its overall share is smaller than that of other patterns, this kind of malicious insider activity remains significant.
6. Denial of Service: In incidents (rather than confirmed breaches), it remains very frequent (59%), mainly involving large-scale DDoS attacks. These typically affect system availability rather than causing data breaches.
7. Lost and Stolen Assets: Involves lost or stolen devices holding sensitive data (phones, laptops, or hard drives). Though less frequent, it is still relevant.
8. Everything Else: Atypical or complex incidents that do not fit into any of the other patterns.
3. The rise of ransomware and extortion
One of the most noteworthy findings is the consolidation of ransomware as a persistent mechanism of cyber extortion. Roughly 23% of all breaches involve ransomware, a record high for this type of attack. However, the DBIR emphasizes the notable growth of “non-encrypting” extortion, in which data is stolen and the victim is threatened with its public disclosure. Combining both modalities (ransomware and extortion) brings the total to 32% of the breaches analyzed.
These campaigns have become more aggressive and sophisticated. For instance, Cl0p exploited zero-day vulnerabilities, such as the one in MOVEit, compromising thousands of organizations globally. Average ransomware demands hover around 1.34% of the victim organization’s annual revenue, though in some cases they can exceed 8%. Beyond direct extortion, affected parties must also account for system restoration costs, legal notifications, and potential regulatory penalties.
4. Human factor: the weakest link
Individual involvement (employees, contractors, or partners) in incidents remains decisive in 68% of breaches when pure insider malice (Privilege Misuse) is excluded. Two trends are particularly noteworthy:
- Errors and oversights: The rise in the “Miscellaneous Errors” pattern highlights incidents where an employee or IT team member makes a mistake (e.g., misconfiguration, emails sent to the wrong recipients, or physical documents handed to unauthorized individuals).
- Social engineering: Phishing, BEC, and pretexting represent especially fast and effective attack vectors. On average, it takes less than 60 seconds for a user to be “hooked” by a fraudulent email once opened, according to awareness simulations reported by organizations.
5. Vulnerability exploits and supply chain
Attacks involving vulnerability exploitation have grown by 180% compared to the previous year, fueled by critical vulnerabilities (MOVEit, Log4j, etc.). Moreover, 15% of all breaches involve third parties (partners or third-party software), marking a notable increase from 9% in the previous period. This underscores the growing importance of supply chains and the associated risks of external software and services.
Additionally, organizations take roughly 55 days to patch 50% of vulnerabilities classified as critical by CISA, while malicious scanning and exploitation begin, on average, just 5 days after disclosure. This time gap allows cybercriminals to exploit outdated systems, necessitating a prioritized patching approach.
6. Costs and consequences
In addition to immediate losses (ransom payments, theft of funds or data), affected organizations face possible fines and regulatory sanctions, reputational harm, and system recovery costs. The DBIR indicates that the median cost of a ransomware incident reported to the FBI IC3 is around $46,000, though the total impact can rapidly escalate depending on the breach’s scope and the size of the organization.
7. Key recommendations
The 2024 DBIR highlights the importance of:
• Swift and prioritized patching of critical vulnerabilities.
• Multifactor authentication (MFA) and robust password policies.
• Staff training and awareness to counter phishing and BEC.
• Reviewing supply chain security and choosing providers that adopt a “by design” security approach.
• Network segmentation, reliable backups, and regularly tested incident response plans.
Conclusion
Cybersecurity grows more complex each year. Attackers are refining ransomware and extortion methods, leveraging social engineering, software vulnerabilities, and supply-chain weaknesses. Organizations, in turn, have improved detection capabilities and are compelled to report more incidents, offering a clearer view of current threats. Nonetheless, the high degree of human involvement and the professionalization of cybercrime underscore that vigilance, collaboration, and continual enhancement of defenses remain crucial.
For organizations of all sizes, the key priorities are comprehensive protection of critical assets, thorough patching, effective user awareness programs such as Kymatio, verification of third-party security, and robust crisis management and disaster recovery plans. Ultimately, an organization’s resilience depends on its ability to anticipate risks, detect incidents quickly, and respond effectively to evolving criminal tactics.