Threat Intelligence

2020 Verizon data breach investigations report: Summary and key findings for security professionals

Greg Belding
October 21, 2020 by
Greg Belding

The Verizon Data Breach Investigations Report, or the Verizon Data Breach Report, is an annual report intended for information security professionals. It summarizes 3,950 confirmed data breaches and is a collection of work from 81 contributors spanning 81 countries and has grown more than a little bit since last year’s twelfth edition. 

Navigating this year’s Verizon Data Breach Report may be a bit confusing, as its format has changed. Fortunately, this article will do the legwork for you! It will offer a summary of the Verizon Data Breach Report as well as key findings that information security professionals can use as a sort of road map to use for how the information security landscape will look in the year to come.

Hands-on threat intel training

Hands-on threat intel training

Learn how to collect, analyze and act on cyber threat intelligence with expert instruction and hands-on exercises in Infosec Skills.

Summary of the Verizon data breach report

The summary of the Verizon Data Breach Report provides a top-level view of what you should take away from it, based upon four general questions. Each question yields more information than you may think and provides a solid starting point for the key findings to come.

What tactics are utilized?

  • 45% of breaches involved hacking
  • 22% of attacks included social attacks
  • 22% involved malware
  • 17% of breaches featured errors which were causal events
  • 8% of breaches were caused my authorized user misuse
  • 4% of breaches involved physical actions

Who’s behind the breaches?

  • 70% of breaches were perpetrated by external actors
  • 55% of breaches were caused by organized criminal groups
  • 30% of breaches were perpetrated by internal actors
  • 4% of breaches had four or more attack actions
  • 1% involved partner actors
  • 1% involved multiple parties

Who are the victims?

  • 81% of breaches were discovered in a matter of days or less
  • 72% of breaches involved large business victims
  • 58% of victims had their personal data compromised
  • 28% of breach victims were small businesses

What are the other commonalities?

  • 86% of breaches were financially motivated
  • 43% of breaches involved web applications
  • 37% breaches involved stolen or used credentials
  • 27% of malware incidents were ransomware
  • 22% of breaches involved phishing

Hands-on threat intel training

Hands-on threat intel training

Learn how to collect, analyze and act on cyber threat intelligence with expert instruction and hands-on exercises in Infosec Skills.

2020 Verizon data breach report key findings

As previous editions have proven, the Verizon Data Breach Report is packed with useful information about the state of affairs of information security. The 2020 edition is no exception. Here are the key findings.

The origin of breaches

When many think of where data breaches come from, they probably conjure images of cybercriminals with hygiene issues sitting in a basement of some dingy building halfway around the world. In reality, attacks normally have a much more domestic origin.

  • 85% of attackers and their victims live in the same country
  • 56% live in the same state
  • 35% live in the same city

Cost of a data breach

The cost of a data breach to an organization is probably tossed around conference rooms in organizations across the nation. However, it is something that most information security professionals may not focus on. For organizations, including corporate enterprises, the most commonly reported cost of a breach was $32,200; this is an increase from $29,300, which was the most commonly reported cost in 2019. This figure may seem substantial to some, but at the cost of a used car, it could definitely be worse.

Steps count

The number of steps attackers need to take to carry out malicious actions affects the willingness of them to attack. What this means is that attackers are far less likely to take any more steps than is absolutely necessary to carry out attack-related actions. For example, the Verizon Data Breach Report found that where there were 200 breaches where attackers took one step to accomplish an action. This number was nearly cut in half when just one extra step was added. 

The allure of quick monetization

PoS (Point of Sale) breaches followed the general trend established in recent years of a scale down. While this was noticed in last year’s Verizon Data Breach Report, the past year has allowed contributors to connect this reduction to monetization. It takes more time and effort to wage a malware-based campaign when infecting targets with ransomware can be a faster option.

DDoS’ing the competition

A helpful aspect of the Verizon Data Breach Report is that it separates the report (in part) based upon industry. The Arts, Entertainment and Recreation sector has received the most DDoS-based attacks, and this has been attributed to online gambling entities. DDoSing competitors is commonplace for online gambling entities, which has driven this trend.

User error

A general finding across nearly all industries is the rise of miscellaneous errors as part of data breaches. This has been called the frenemy of information security. Among the most commonly reported errors is that of misconfiguration, which basically means the system administrator was not careful enough to properly secure databases and cloud storage containers. As the Verizon Data Breach Report commented: “Good security practices? Ain’t nobody got time for that!”

How well do you know your region?

2020 was the first year that the Verizon Data Breach Report divided the world up into regions for a deeper analysis of their findings. In terms of how things went in North America, hacking using stolen credentials was the top attack seen, along with social engineering attacks that encourage the use of said stolen credentials coming in second place. As in other places in the world this year, errors are commonplace in North America, with misdelivery and misconfiguration being the top two errors seen.

Hands-on threat intel training

Hands-on threat intel training

Learn how to collect, analyze and act on cyber threat intelligence with expert instruction and hands-on exercises in Infosec Skills.


The Verizon Data Breach Report for 2020 was an information-packed and insightful look into the information security landscape across different industries. Many of the trends from 2019, including a continued reduction in PoS attacks, continued into 2020 and set the pace for the year. 

The report had too much information to pack into this article so make sure you take a look at it for yourself.


The 2020 Verizon Data Breach Investigation Report, Verizon DBIR 2020

Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.