• Verizon Business has issued its annual report on the global cybersecurity landscape
• The human element, usually non-malicious, continues to be the key reason for security breaches
• While more training is needed, users are increasingly aware of errors and self-reporting

Human error continued to be a persistent chink in the armour for companies in 2023, leaving the front door open for cybercriminals, according to a new data breach report from Verizon Business, which also found that (at last) users are increasingly aware of, and reporting, their mistakes.

The latest Data Breach Investigations Report (DBIR), which looks at the state of cybersecurity in 2023, revealed that some 68% of global breaches, regardless of whether they included a third party or not, involved a non-malicious human action, such as a person making an error or becoming a victim of a social engineering attack.

While this percentage is about the same as the figure for 2022, the business arm of the US operator highlighted that users have made positive progress when it comes to reporting the root causes of such incidents: 20% of users identified and reported phishing in simulation engagements, and 11% of users who clicked on a malicious email reported it.

Another finding suggests that almost half of the breaches in Europe, the Middle East and Africa (EMEA) were initiated internally, which suggests “high incidences of privilege misuse and other human errors”.

The main reason for cybersecurity incidents in the region were miscellaneous errors, system intrusion and social engineering, which accounted for 87% of breaches. And the most common types of data compromised in the past year were personal (64%), internal (33%) and credentials (20%).

“The persistence of the human element in breaches shows that organisations in EMEA must continue to combat this trend by prioritising training and raising awareness of cybersecurity best practices. However, the increase in self-reporting is promising and indicates a cultural shift in the importance of cybersecurity awareness among the general workforce,” stated Sanjiv Gossain, group VP and head of EMEA at Verizon Business.

The report further suggests that one of the fastest-growing cybersecurity threats is the exploitation of vulnerabilities: It has nearly tripled from its level in 2022, and last year accounted for 14% of all breaches. According to the report, this was due to “the increasing frequency of attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) by ransomware actors”.

In the Asia Pacific (APAC) region, 25% of attacks were motivated by espionage – significantly higher than the 6% and 4% espionage levels in Europe and North America respectively. “Since so much of cyber espionage can be defined as an advanced persistent threat, it’s especially important for organisations in APAC to continuously refresh their security protocols to thwart the long-term collection of sensitive data by threat actors,” explained Chris Novak, senior director of cybersecurity consulting at Verizon Business.

He urged organisations to review their third-party networks as “sensitive information with national security implications can sometimes be accessed via organisations with more lax cybersecurity practices, such as academic institutions and research facilities.”

For its latest report, Verizon Business analysed “a record-high” 30,458 security incidents and 10,626 confirmed breaches that took place in 2023 – a two-fold increase on 2022.

The report also tackled anxieties related to the use of AI in cyberattacks. To find out whether the technology has been increasingly exploited by threat actors in 2023, watch out for our exclusive video interview with Phillip Larbey, lead of the Verizon threat advisory team for EMEA.

- Yanitsa Boyadzhieva, Deputy Editor, TelecomTV