Verizon Data Breach Investigations Report: Ransomware Remains Stable, Costs Double
The Verizon Data Breach Investigations Report (DBIR) shows that ransomware is one of the leading types of breach, with its share remaining statistically stable at 24 percent. This follows significant increases in the years before.
The 2023 DBIR from Verizon Business is the 16th edition of the report. This year Verizon analyzed data on 16,312 security incidents, of which at least 5,199 were data breaches.
Rising Costs
The number of ransomware attacks is high, according to Verizon data. “Ransomware continues to reign as one of the most common action types in breaches, and while it didn’t really grow, it remained statistically stable at 24 percent. Ransomware is ubiquitous in organizations of all sizes and industries.”
Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business, cites no direct cause for this. He does, however, suspect that attackers may struggle to keep increasing the frequency of attacks quickly, because it is difficult to grow the pool of cybercriminals significantly. It is also possible that measures taken by organizations are slowing further growth, although both explanations are unconfirmed.
Verizon cites the median cost per ransomware incident as one of its key findings. According to the study's data, it has doubled in the past two years to $26,000, which amounts to about 24,300 euros. 95 percent of the incidents show a loss of $1 to $2.25 million.
Verizon last analyzed such data in 2021. At that time, 90 percent of the incidents did not result in a financial loss. The figure is now statistically a bit better: 93 percent of the incidents involved no financial loss. A possible explanation is that backup strategies are slightly better designed.
Human Element
In addition, Verizon Business research shows that 74 percent of breaches involve a human element. This is despite enterprise organizations continuing to invest in critical infrastructure and training around cybersecurity protocols.
One of the most common ways cybercriminals prey on humans is through social engineering. For example, they try to get hold of sensitive information from a company via phishing emails, malicious links, and other methods. Organizations should be aware of these tactics and train their employees to recognize and avoid them.
Organizations must also ensure that their systems are up to date and that they have the latest security patches installed. This is especially important against ransomware, which can spread quickly and cause significant damage.
Finally, organizations should have a plan in place to respond to a ransomware attack. This should include a backup strategy that allows them to quickly restore their systems in the event of an attack.
The findings of the Verizon Data Breach Investigations Report show that ransomware remains a major threat to organizations. Organizations must take steps to protect themselves, including training their employees, keeping their systems up-to-date, and having a plan in place to respond to an attack. Doing so can help reduce the risk of a successful ransomware attack and the associated costs.