The 2020 Penetration Risk Report also says cloud environments are most vulnerable to two types of attacks: security misconfigurations and cross-site scripting. This year's report also found that large enterprises are 46% more likely to experience a data breach than large cloud providers. 

In terms of social engineering breaches, the study found that 61% of all phishing engagements resulted in a full compromise. 

The tests were performed by Coalfire Labs, the company’s threat modeling, attack simulation and pen testing division, and findings show that organizations continue to struggle with many of the same vulnerabilities and systemic weaknesses year over year.

Here is a summary of a few of the report’s key findings:

•             Large cloud providers saw tremendous security gains over the last year, and are 46% less likely to suffer a breach than large enterprises.

•             Phishing continues to dominate as the easiest breach: 61% of phishing attempts result in full compromise of access credentials.

•             In a major turnaround toward safer systems, applications doubled their security posture during 2020.

•             Insecure protocols dominated (22.7%) our top vulnerabilities across all verticals except technology.

•             Mid-size companies hit the cybersecurity sweet spot in 2018, scrambled to keep up last year, and in 2020, improved only 4% year-over-year in fending off attackers compared to their large and small counterparts.