Some Quick Takeaways from the 2017 Verizon DBIR


For those who lack the time to read the entire report, here are some of the key findings along with some comments.


  • 75% of breaches done by outsiders.

  • 25% involved internal actors.

  • 18% state actors.

  • 51% involved organized crime actors.

I see 25% involving internal actors as quite high, but that depends on the definition of “involved”.


  • 24% of breaches affected financial organizations

  • 15% of breaches affected healthcare

  • Public sector were third at 12%

  • Retail and hospitality combined for another 15% of breaches.


  • 62% of breaches used “hacking”

  • 51% of breaches used malware

  • 81% leveraged stolen/weak passwords

  • 43% were social engineering based

What does “hacking” mean? And how much hacking did or did not involve malware?

Other findings

  • 66% of malware got in via email

  • 73% of breaches were financially motivated

  • 21% of breaches were espionage related

  • 27% were discovered by third parties


I find the 1/4 insider involvement to be high. Not saying it’s wrong. Just saying it seems high.

I think they could use a better term than “hacking” to describe their most common type of tactic. Perhaps “manual intervention”?

I’d love to see some sort of analysis of controls in this report, or a similar report. So basically what controls from say the CIS set are most recommended this year based on the DBIR findings?

That’s not a bullseye because every company is different, but maybe they could do a recommended controls list for each industry or something.

Anyway, solid stuff as usual from he team. And I enjoyed the summary as well.


  1. I imagine a lot of these questions were answered in the full version of the report. This is analysis of the executive summary.

Related posts: