Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireSecurity & Business ResilienceCybersecurity News

Verizon 2024 Data Breach Report shows the risk of the human element

By Security Staff
Glowing blue fibers in darkness

Image via Unsplash

May 3, 2024

Verizon Business released its 17th-annual Data Breach Investigations Report (DBIR), highlighting the role that the human element plays in cyber threats. This report examined 30,458 security incidents as well as 10,626 verified breaches in 2023, representing a two-fold increase from 2022. Out of the breaches analyzed, more than two-thirds (68%) included a non-malicious human element — in other words, these incidents involved insider errors or people falling for social engineering schemes.

This percentage remains consistent with last year’s, suggesting that the human element remains a steady risk concern. However, reporting practices improved, as 20% of individuals recognized and reported phishing in simulated exercises, and 11% of individuals who clicked a malicious email reported it. 

Another notable finding from the report was the increase in vulnerability exploitation. Exploiting vulnerabilities as an initial entry point accounted for 14% of all breaches, representing a volume three times (180%) greater than 2023. According to the report, this increase was driven by zero-day vulnerabilities that ransomware actors leveraged. 

Other key findings include: 

  • 32% of breaches included a form of extortion, including ransomware.
  • Between 24% and 25% of financially motivated security events involved pretexting over the past two years. 
  • Over the last decade, 31% of breaches involved the use of stolen credentials.

Security leaders weigh in 

Saeed Abbasi, Manager, Vulnerability Research at Qualys Threat Research Unit:

“The 2024 Verizon Data Breach Investigations Report (DBIR) highlights cyber threats that are evolving and increasingly complex in our interconnected world. These findings spotlight a crucial theme: today's cyber threats are' dynamic and increasingly sophisticated in nature. 

“Here are my takeaways this year: 

  • Adaptive threat landscape: The report details a notable increase in ransomware, extortion techniques, and vulnerability exploitation, showing that cybercriminals are becoming more adaptive and opportunistic. They effectively utilize everything from zero-day vulnerabilities to social engineering tactics like phishing to penetrate systems. 
  • Convergence of threats: It also notes an evolution of ransomware into more complex forms of extortion, marking a convergence of threats where different attack methods merge into hybrid tactics. This convergence complicates organizations' ability to predict and defend against attacks as the distinctions between attack types become increasingly blurred. 
  • Human element in cybersecurity: This highlights the rapid rate at which individuals fall for phishing scams, the DBIR underscores the critical importance of human behavior in cybersecurity. It advocates for a dual approach that focuses on technological defenses and emphasizes the need for comprehensive user education and behavioral adjustments to bolster security. 
  • Strategic vulnerability management and holistic defense mechanisms: The 2024 Verizon DBIR emphasizes a critical increase in vulnerability exploitations, highlighting the need for urgent, strategic vulnerability management. We advise organizations to implement comprehensive, proactive strategies, including agent-based and agent-less security measures, to preempt potential breaches. Additionally, organizations require a multi-layered defense strategy, integrating advanced detection tools, zero-trust frameworks, and rapid patch management. 

“Given the increasing complexity and interconnectedness of supply chains, this holistic approach to cybersecurity is essential. These networks are often targeted by cyber threats, affecting not just individual organizations but also extending to third-party interactions and the broader supply chain. 

  • AI, Machine Learning, and Quantum Computing Threats: The proliferation of AI and machine learning is expected to be leveraged by both defenders and attackers. AI can swiftly predict and counteract attacks but may also be used to develop more sophisticated cyber threats. Additionally, as quantum computing advances, it poses a potential risk to current cryptographic protocols. Organizations should prepare for this by developing quantum-resistant cryptography to safeguard data against future threats.” 

Patrick Harr, CEO at SlashNext:

“With the rapid growth of AI technology, combined with limited regulation, it’s important for the tech industry to develop tools and processes that can assist in protecting AI technology systems.

“Everything in security needs to become more human ID-centric rather than network-centric. At the end of the day, we are far better off by providing access through human identity-centric methods and using AI to make that human a super-human. So rather than relying on a training simulation approach for users, we can rely on AI augmentation for that, so users don’t have to be tricked into clicking on bad phishing links, for example. 

“We have to shift our posture from a network-centric to a human-centric security posture. We will put an AI bubble around the user to become a super-human with an extra pair of computer vision eyes, and an ability to listen with spoken language contextualization by using AI. Everyone has talked about a personal co-pilot to help from a security posture, and we will see the rise of these AI co-pilots to augment humans and help users make the best decisions.  

“This problem will not go away and will only get worse. Anywhere there is money and opportunity and data, which is across every industry, there will be attacks. This is a horizontal problem for all industries, not a vertical problem. The bad guys will always look for wherever the most sensitive data is based to target their attacks.” 

Agnidipta Sarkar, Vice President CISO Advisory at ColorTokens:

“With the increase in digital business-as-usual, cybersecurity practitioners are already feeling lost in a deluge of inaccurate information from mushrooming multiple cybersecurity solutions coupled with a lack of cybersecurity architecture and design practices, resulting in porous cyber defenses. Business leaders are realizing that investments in microsegmentation will force the IT and security teams to begin developing digital business context-based cybersecurity architecture and design because microsegmentation is the last line of defense during a cyber-attack. Security and risk leaders will leverage the pan-optic visualization capability of microsegmentation to build immediate cyber defenses to protect digital business as usual, even during severe cyber-attacks.” 

Nick Rago, Vice President, Product Strategy at Salt Security:

“As architectures become increasingly complex, combined with more dependencies on third party code and services, supply chain attacks targeting software dependencies and operational third-party providers will continue to escalate. Especially as threats actor techniques become more stealth and harder to detect.

“In the wake of successful attacks over the past year, social engineering attacks are set to continue and with more sophistication. As a result, zero-trust mindsets should be applied to every communication medium, including corporate email, text message, or phone call. The education and re-education of employees must continue. 

“API attacks will also continue to increase at an alarming rate as organizations struggle to manage the chaos of API sprawl stemming from API-first innovation and digitalization. On the flip side, it is likely organizations will allocate more budget towards API security in the new year given its increased importance. In Salt Security's State of the CISO report, 95% of CISOs surveyed said API security is a planned priority over the next 24 months.”

Dana Simberkoff, Chief Risk, Privacy and Information Security Officer at AvePoint:

“AI is coming and resistance is futile. While we see the great potential AI can have to help us in our work, we must make sure that we take advantage of these technologies responsibly and securely. In light of this, Security and Privacy professionals must work with their IT and business counterparts to develop and implement Generative AI Acceptable use policies. This should include data privacy and confidentiality, access to generative AI, and responsible use of generative AI. Putting these guardrails in place is critical. 

“In addition to developing acceptable use policies, ensure that you have ongoing training for employees so that they are aware and can act responsibly. Especially given how quickly applications of AI and machine learning have impacted our work, and how quickly this technology changes, security and privacy teams need to be agile in the new year.

“Successful adoption of AI in a security and privacy centric way will be as good as the basic data governance and life cycle management program you’ve implemented in your organization. As we say and have said for many years with regards to migration to the cloud: if you put garbage in, you'll get garbage out. So, it's important to clean up your data and make sure its properly governed before serving it up to AI on a silver platter. Otherwise, you may end up finding that security by obscurity is no longer a fallback defense.” 

KEYWORDS: data breaches human error insider risk phishing ransomware social engineering vulnerability

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Techno lights

    Verizon 2023 Data Breach Report shows rising cost of ransomware

    See More
  • Laptop in darkness

    Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

    See More
  • Doorway to Cybersecurity

    Verizon 2020 Data Breach Report: Money Still Makes the Cyber-Crime World Go Round

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • databasehacker

    The Database Hacker's Handboo

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

See More Products

Events

View AllSubmit An Event
  • November 7, 2024

    Inside the 2024 Security Benchmark Report

    ON DEMAND: The 2024 Security Benchmark Report unveils the top trends CSOs and enterprise security executives face in today’s current climate and how each could potentially impact the enterprise’s global reputation with the public, governments, and business partners.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!