Verizon has published its Data Breach Investigations Report 2016, in which organizations from around the world have sent their data on thousands of security incidents and data breaches. The researchers analyzed that information to highlight new patterns, steady trends, and interesting tidbits in the evolving world of cyber security.

In its 2016 Data Breach Investigations Report, a final data set of 64,199 security incidents and 2,260 data breaches has been used. According to the report, no organization is safe from attackers. Due to lack of resources or even lack of awareness, many organizations have failed to secure their information and became an easy target for cyber criminals.

This year, incidents occurred in over 82 countries across a variety of organizations, especially in the public, entertainment, finance, and information sectors. There were far more security incidents than data breaches, which resulted in the confirmed disclosure of data to an unauthorized party.

Moreover, a majority of the attackers behind this year’s incidents were external actors motivated by financial gain. Most of the affected organizations belong to financial, information and public sectors, whose information can payoff attacker with a reasonable amount in the black market. The attacks were initiated by hacking, malware and phishing distribution and by using social engineering.

Phishing is a quick and easy way for attackers to steal a victim’s credentials, which took only few minutes to compromise. While, ex-filtration took days, periods of time which reflects a rise in point-of-sale attacks where malicious actors drop malware that capture, package, and execute scheduled ex-filtration reports.

cyber security report 2016

The above figure shows that the time for attackers to compromise a target decreases, as well as time for companies to discover a security incident also decreases. Unfortunately, the percentage is increasing at a slower rate than the proportion of compromises that took days or less. It shows that the attackers are one step ahead of security personnel.


According to study, not all vulnerabilities are exploited the same. Some took days, while some took months to exploit. On average, bad actors took about a month to exploit vulnerability and attempt the exploitation within 10 to 100 days.

The attackers doesn’t only focus on finding and exploiting new vulnerabilities, but they also go for previously found vulnerabilities in order to automate the process of exploitation. So, the organization should work and focus on prioritizing the vulnerabilities that should be remediate first, apply risk mitigation or replace an asset if it can’t be patched, and implement vulnerability scanning to detect those known vulnerabilities.

The above figure shows the number of vulnerabilities found in a week that are remediated/ unhandled. X axis shows the number of weeks, whereas, Y axis shows the normalized number of vulnerabilities. The gray line shows the ratio o normalized/ remediated and unhandled vulnerabilities.


For the first time in the history of Verizon’s Data Breach Investigation Report, the topic of credentials received its own section. There were 1,429 incidents of credential theft last year in which attackers made off with credentials via hacking and malware, and they in turn used the stolen credentials more than 77 percent of the time.

Figure 3 shows the difference of different breaches, in which the credential loss is at the top. It means that organizations should focus on implementing strong authentication mechanisms.

Incident Classification Pattern:

According to the report, 90 percent of the breaches found in this year’s DBIR fit into one of nine classification patterns: web app attacks, POS intrusions, miscellaneous errors, privilege misuse, cyber-espionage, payment card skimmers, physical theft/loss, crime-ware, denial of service, and everything else.

Key finding:

  • There were a lot of denial-of-service attacks across all industries.
  • Web apps faced the greatest number of confirmed data breaches.
  • Patterns commonly classified as incidents as opposed to confirmed data breaches (Crimeware, Insider and Privilege Misuse, and Physical Theft and Loss) were mostly provided by public sector and healthcare.

Figure 4 shows the classified pattern along with the comparison grey line that shows the statistics from the previous year (2015).

As cybercrime escalates and protection and preparedness become increasingly important for every organization, it’s ultimately working together that will bolster the ability to combat mounting threats. In an environment where hackers are often one step ahead, organizations should focus on adopting some concrete strategies and policies to overcome this serious issue.