Jonathan Crowe
May 2016

Top 10 Stats from the Verizon 2016 Data Breach Investigations Report

Photo by Piotr Lohunko

It's the most highly anticipated cybersecurity report of the year. The Verizon 2016 Data Breach Investigations Report is here, with key stats and lessons learned from over 100,000 security incidents and 2,000 data breaches.

If you're looking for the latest facts and figures on malware, phishing, vulnerability exploits, and more, you'll find them in spades in the full 80-page report. But for those who would like a condensed peek at the key highlights, here are the top 10 stats and takeaways from this year's DBIR you can digest before breakfast.

1) 4 out of 5 data breaches are attributed to external attackers


You may have your reasons for thinking Ned in HR is up to something, but chances are any data breach you suffer is going to be the handiwork of an outside criminal motivated by financial gain.

2) The majority of data breaches target users and their devices


Servers are still the top target for attackers, but attacks targeting users and user devices are on the rise. Combined, they represent the largest and fastest-growing target group.

3) 63% of confirmed data breaches involved weak, default, or stolen passwords

Nothing new, nothing fancy. The majority of data breaches just featured good ol' fashioned attacks designed to take advantage of the one thing we can never seem to get right — stronger password management.

4) In 93% of data breaches, compromise occurred in minutes or less


With so little time to react, that puts pressure on IT to invest in prevention and solutions that stop malware in the act of executing, before it has a chance to do any damage. In many cases, playing catch up with detection and response tools will mean you're too late.

Or, as the Verizon team puts it, “When you have to wait on external detection to tell you you’re popped, it’s probably too late to keep the horses in the barn.”

5) 99% of malware hashes are seen for only 58 seconds or less


That's bad news for companies relying solely on traditional signature-based security solutions like antivirus (see "The Problem with Signature-Based Security" for a quick and simple explanation).

The postman may always ring twice, but most hackers only use malware once before modifying the code and shipping it back out as a slightly modified version that continues to evade detection.

6) Just 10 vulnerabilities accounted for 85% of successful exploitations in 2015

While the goal with patch management is to be as comprehensive as possible, prioritizing patching the big guns can drastically reduce your risk.

For those keeping score at home, the top 10 exploited vulnerabilities in 2015 were:

CVE-2001-0876, CVE-2011-0877, CVE-2002-0953, CVE-2001-0680, CVE-2012-1054, CVE-2015-0204, CVE-2015-1637, CVE-2003-0818, CVE-2002-0126, CVE-1999-1058
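One way to put "patch the big guns first" into practice, as an added example that is not from the original post or from Verizon: a small triage routine that sorts scanner findings so anything on the list above goes to the front of the patch queue. The hosts, dates, `CVE-0000-*` ids and the 10-day tier boundary (borrowed from stat 7 below) are assumptions made for illustration.

```python
from datetime import date

# The ten CVE ids exactly as listed in the post.
TOP_EXPLOITED = frozenset("""
CVE-2001-0876 CVE-2011-0877 CVE-2002-0953 CVE-2001-0680 CVE-2012-1054
CVE-2015-0204 CVE-2015-1637 CVE-2003-0818 CVE-2002-0126 CVE-1999-1058
""".split())

# Assumption: lower edge of the 10-100 day exploitation range quoted in stat 7.
WINDOW_START_DAYS = 10

# Constructed scanner output. Hosts, dates and CVE-0000-* ids are placeholders.
FINDINGS = [
    {"host": "web-01", "cve": "CVE-0000-0001", "published": date(2016, 4, 28)},
    {"host": "hr-laptop-07", "cve": "CVE-2015-1637", "published": None},
    {"host": "db-02", "cve": "CVE-0000-0002", "published": date(2016, 3, 1)},
    {"host": "web-01", "cve": "CVE-2015-0204", "published": None},
    {"host": "mail-01", "cve": "CVE-0000-0003", "published": date(2016, 1, 5)},
]

def age_days(finding, today):
    """Days since publication; a missing date is treated as very old."""
    published = finding["published"]
    return (today - published).days if published else 10**6

def tier(finding, today):
    """0 = on the post's top-10 list, 1 = published 10+ days ago, 2 = newer."""
    if finding["cve"].upper() in TOP_EXPLOITED:
        return 0
    return 1 if age_days(finding, today) >= WINDOW_START_DAYS else 2

def patch_queue(findings, today):
    """Sort by tier, then oldest publication first, then host name."""
    return sorted(
        findings,
        key=lambda f: (tier(f, today), -age_days(f, today), f["host"]),
    )

if __name__ == "__main__":
    today = date(2016, 5, 6)
    for f in patch_queue(FINDINGS, today):
        print(tier(f, today), f["host"], f["cve"])
```
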

7) 50% of exploitations happen between 10 and 100 days after the vulnerability is published (median = 30 days)


Some vulnerabilities are typically exploited more quickly than others (we're looking at you, Adobe). Overall, the important thing is that vulnerabilities are patched, not necessarily that they are patched immediately (though, obviously, the sooner the better).

8) Phishing campaigns have a 30% open rate


The sad thing is most marketers would kill for that open rate. The sadder thing is it explains why phishing continues to be so popular among attackers. It's a delivery tactic that works. Help your users avoid becoming phishing victims with these five tips.

9) Email attachments are the #1 delivery vehicle for malware


Considering the success rate of phishing, perhaps it's no surprise malicious email attachments and links are two of the top three malware delivery mechanisms of choice for attackers. That makes email filtering and user education both smart security investments.

10) 90% of the data breaches in 2015 followed one of nine common patterns

It turns out cyber attacks are not unique snowflakes. That's good news. It means by focusing your energy on preventing the most common data breach scenarios you can actually reduce your risk dramatically.

Bonus Stat: 362,000 new crypto-ransomware variants were spotted in 2015 (source: Symantec)


This bonus stat isn't from the DBIR, but it illustrates one of cybersecurity's most troubling trends — the rise of ransomware. One of the key challenges of ransomware is not only how quickly new variations are being created, but how quickly those new versions are able to infect your machines and encrypt your data.

To learn more about how ransomware works and how we were able to use behavioral analysis to stop CryptoWall 4.0 from day one, take a look at Barkly in action.

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.

