Global data breaches double in 2023 driven by extortion and third-party software attacks
The number of data breaches doubled in 2023, according to technology firm Verizon Business, reaching a record-high of 10,626 across 94 countries.
Ransomware and extortion accounted for 32% of all breaches last year. Third-party breaches accounted for 15% of the total, up 68% and driven by a threefold increase in vulnerability exploitation attacks.
The majority of breaches from non-malicious human elements dominated at a steady 68%.
Publishing in the 2024 Data Breach Investigations Report, which analysed 30,500 security incidents last year, Verizon says the spike in vulnerability exploitation was driven by attacks targeting unpatched systems and devices, also known as zero-day vulnerabilities, by ransomware gangs, including the MOVEit software breach.
“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to safeguarding enterprises,” said Chris Novak, senior director of cybersecurity consulting at Verizon Business.
Ransomware was a top threat across the majority of industries, although Verizon says this has been driven by a rise in pure extortion attacks, which accounted for 9% of attacks, while traditional ransomware slipped slightly to 23%.
Novak said AI has yet to become a significant issue for driving breaches. “While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to advance their approach,” he said.
Although North America accounted for more than half of security incidents analysed, the majority of confirmed data breaches were in the EMEA. It accounted for 6,000 of more than the 10,000 recorded. Moreover, half of breaches in the EMEA were internal.