General security

Verizon DBIR 2021 summary: 7 things you should know

Greg Belding
August 3, 2021 by
Greg Belding

The 2021 edition of the Data Breach Investigations Report from Verizon contains critical points and trends related to data breach incidents for the year. It provides a substantial amount of visual data presentation to make the nearly 30,000 threats, 5,258 confirmed breaches and 14 million investigative leads easy to understand at a glance. Among the many findings of the report is an increase in phishing, social engineering, ransomware and numerous trends that are continuations of what we have seen in previous years. 

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

2021 DBIR

The 2021 DBIR is different from the previous DBIR editions in that it has changed the incident classification patterns that it uses to look at data breach incidents. Below is a side-by-side comparison of the 2021 DBIR incident classification patterns and previous editions of the report:

Previous incident classification patterns 2021 incident classification patterns

Web applications Basic web application attacks

Privilege misuse Denial of service

Point of sale Everything else

Payment card skimmers Lost and stolen assets

Miscellaneous errors Miscellaneous errors

Lost and stolen assets Privilege misuse

Everything else Social engineering

Denial of service System intrusion



This change shows that the DBIR is now focusing more on the actual characteristics of the data breaches.

1. Still gone phishin’

As in the 2020 DBIR, phishing is the top data breach tactic for 2021. The change in 2021 is that phishing has increased 11% to a whopping presence in 36% of data breaches. COVID-19 themed phishing lures that began when stay-at-home orders started clamping the world down in early 2020 have bolstered numbers.

2. The people factor

Coming in as a close second place, but possibly the most important finding of the entire 2021 DBIR is that 85% of all data breaches involved some human element. This means that as many organizations may provide cybersecurity awareness training to their employees, they are still the weak link in many a data breach. This may have come from social engineering, BEC attempts that trick the human user or unintentionally misdelivering sensitive information.

3. Money makes the world go ‘round

One of the many data breach factors the DBIR tracks is the top actor motives in incidents. As with previous years, financially motivated attacks take the cake for the most common attacks in 2021. It should not surprise them that the two most commonly used cybercrime terms in forums are “bank account” and “credit card.”

4. They know yourself better than you do

A fascinating finding from the 2021 DBIR is that external parties discovered most data breaches (and by most, we are talking about over 80%!) This indicates that organizations are neglecting threat detection and response, which means that while the people factor is the weak link in organizational information security, the organization itself has not shown up to the proverbial field. 

5. Social engineering

Another alarming increase of an attack-type that leads to a data breach is that of social engineering attacks. Social engineering has increased from 22% to nearly 35%. Since 2017, we have seen an uptick in social engineering attacks leading to data breaches but in no year have they increased as much as they have from 2020 to 2021. Compromised cloud-based email servers, as well as the COVID-19 pandemic, are likely to blame. 

An alarming fact was the use of BEC for social engineering in 2021, which has jumped a whopping 15 times (not percent, but times!) over 2020. For some reason, the year of lockdowns and COVID has led to an even scarier pandemic: misrepresentation.

6. Ransomware

Ransomware is very well represented on the 2021 DBIR, even more so than in 2020. It was responsible for the majority of all data breaches caused by malware. Moreover, around 10% of all data breaches observed in the report involved some form of ransomware. This confirms an overall upward trend of the use of ransomware in data breaches since 2016.

This increase in malware over 2020 is credited to the fact that threat actors have adopted a new tactic that goes above and beyond merely encrypting it. Data is now being published online in ransomware blogs, forums and other online media. Payment data is not the only sensitive data targeted by ransomware attacks; now they focus on any data which will harm the organization. The top forms of ransomware are stolen credentials, malicious emails and brute force attacks. 

7. Targeted data

The most target in data breaches, as in previous years, is that of credentials. It should not come as a big surprise as the cybercriminals will have broad access to both systems and sensitive information when they have credentials.

Credentials are not the only data that criminals go after in a data breach. Personal data is also highly targeted. Once they get a hold of personal information, it is then used in committing fraud or sometimes it is sold on the dark web. The complete list of the most commonly targeted data is:

  • Credentials
  • Personal data
  • Bank data
  • Internal data

Stay educated by reading the DBIR

The 2021 DBIR gives us another insightful glimpse into the world of data breaches based upon real-world data breach information and statistics. 2021 is in many ways a continuation of the new changes discovered in 2020, such as a strong phishing presence, money being the primary motivation for cybercriminals, and an even more significant jump in social engineering based upon the COVID-19 pandemic than even 2020.



DBIR: 2021 Data Breach Investigations Report, Verizon.

Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.