STOCK TITAN
  1. Home
  2. News
  3. VZ
  4. 2024 Data Breach Investigations Report: Half of the Breaches in EMEA are Internal

2024 Data Breach Investigations Report: Half of the Breaches in EMEA are Internal

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Very Negative)
Tags
Rhea-AI Summary

Verizon Business released its 17th annual Data Breach Investigations Report (DBIR) analyzing 8,302 security incidents in EMEA, with 6,005 confirmed breaches. 49% of breaches in EMEA are internal. Most breaches globally involve non-malicious human actions. Zero-day vulnerabilities are a persistent threat. Organizations take an average of 55 days to patch 50% of critical vulnerabilities. AI adoption is less concerning than failure to patch basic vulnerabilities. 32% of breaches involve extortion techniques, and stolen credentials appear in 31% of breaches over the past decade.

Verizon Business ha pubblicato il suo 17° rapporto annuale sulle Indagini di Violazione dei Dati (DBIR), analizzando 8.302 incidenti di sicurezza nella regione EMEA, con 6.005 violazioni confermate. Il 49% delle violazioni in EMEA sono interne. La maggior parte delle violazioni a livello globale coinvolge azioni umane non malevoli. Le vulnerabilità zero-day rappresentano una minaccia costante. Le organizzazioni impiegano in media 55 giorni per correggere il 50% delle vulnerabilità critiche. L'adozione dell'IA è meno preoccupante rispetto al mancato aggiornamento delle vulnerabilità di base. Il 32% delle violazioni coinvolge tecniche di estorsione, e le credenziali rubate compaiono nel 31% delle violazioni nell'ultimo decennio.
Verizon Business ha publicado su 17º Informe Anual de Investigación de Violaciones de Datos (DBIR), analizando 8.302 incidentes de seguridad en EMEA, con 6.005 brechas confirmadas. El 49% de las brechas en EMEA son internas. La mayoría de las brechas a nivel mundial involucran acciones humanas no maliciosas. Las vulnerabilidades de día cero son una amenaza persistente. Las organizaciones tardan un promedio de 55 días en parchear el 50% de las vulnerabilidades críticas. La adopción de la IA es menos preocupante que la falta de parcheo de vulnerabilidades básicas. El 32% de las brechas implican técnicas de extorsión, y las credenciales robadas aparecen en el 31% de las brechas en la última década.
Verizon 비즈니스는 EMEA에서 8,302건의 보안 사고를 분석한 제17회 연례 데이터 유출 조사 보고서(DBIR)를 발표했으며, 이 중 6,005건이 확인된 유출 사건입니다. EMEA에서의 유출 사건의 49%는 내부적인 것입니다. 전 세계적으로 대부분의 유출 사건은 악의적이지 않은 인간의 행동에 관련되어 있습니다. 제로데이 취약점은 지속적인 위협입니다. 조직은 중요 취약점의 50%를 패치하는 데 평균 55일이 걸립니다. AI 채택은 기본 취약점을 패치하지 못하는 것보다는 걱정이 적습니다. 유출 사건의 32%는 공갈 기법을 포함하며, 도난당한 자격증명은 지난 십년간 유출 사건의 31%에서 나타납니다.
Verizon Business a publié son 17ème rapport annuel sur les Enquêtes de Violation de Données (DBIR), analysant 8.302 incidents de sécurité dans la région EMEA, avec 6.005 violations confirmées. 49% des violations en EMEA sont internes. La plupart des violations dans le monde impliquent des actions humaines non malveillantes. Les vulnérabilités de jour zéro sont une menace persistante. Les organisations prennent en moyenne 55 jours pour corriger 50% des vulnérabilités critiques. L'adoption de l'IA est moins préoccupante que l'échec à corriger les vulnérabilités de base. 32% des violations impliquent des techniques d'extorsion, et les identifiants volés apparaissent dans 31% des violations au cours de la dernière décennie.
Verizon Business hat seinen 17. jährlichen Bericht über Datenverletzungsuntersuchungen (DBIR) veröffentlicht und analysiert 8.302 Sicherheitsvorfälle in der EMEA-Region, mit 6.005 bestätigten Brüchen. 49% der Brüche in EMEA sind intern. Die meisten Brüche weltweit beinhalten nicht bösartige menschliche Handlungen. Zero-Day-Schwachstellen sind eine anhaltende Bedrohung. Organisationen benötigen durchschnittlich 55 Tage, um 50% der kritischen Schwachstellen zu beheben. Die Übernahme von KI ist weniger besorgniserregend als das Versäumnis, grundlegende Schwachstellen zu patchen. 32% der Brüche beinhalten Erpressungstechniken, und gestohlene Zugangsdaten erscheinen in 31% der Brüche im letzten Jahrzehnt.
Positive
  • None.
Negative
  • None.

What you need to know:

  • More than two-thirds (68%) of breaches globally involve a non-malicious human action.
  • Vulnerability exploitation experienced 180% growth vs 2023.
  • On average it took organisations about 55 days to patch 50% of their critical vulnerabilities.

LONDON, May 01, 2024 (GLOBE NEWSWIRE) -- Verizon Business today released the results of its 17th annual Data Breach Investigations Report (DBIR), which analysed 8,302 security incidents in Europe, the Middle East and Africa (EMEA), of which 6,005 (more than 72%) are confirmed breaches.

Virtually half of the breaches (49%) in EMEA are initiated internally, suggesting high incidences of privilege misuse and other human errors. Across EMEA, the top reasons for cybersecurity incidents are miscellaneous errors, system intrusion, and social engineering, which account for 87% of breaches. The most common types of data compromised are personal (64%), internal (33%), and credentials (20%).

The human element continues to be the front door for cybercriminals

Most breaches globally (68%), whether they include a third party or not, involve a non-malicious human action, which refers to a person making an error or falling prey to a social engineering attack. This percentage is about the same as last year. One potential countervailing force is the improvement of reporting practices: 20% of users identified and reported phishing in simulation engagements, and 11% of users who clicked the email also reported it.

“The persistence of the human element in breaches shows that organisations in EMEA must continue to combat this trend by prioritising training and raising awareness of cybersecurity best practices. However, the increase in self-reporting is promising and indicates a cultural shift in the importance of cybersecurity awareness among the general workforce,” said Sanjiv Gossain, EMEA Vice President, Verizon Business

Zero-day vulnerabilities remain a persistent threat to enterprises

Globally, the exploitation of vulnerabilities as an initial point of entry increased since last year, accounting for 14% of all breaches. This spike was driven primarily by the scope and growing frequency of zero-day exploits by ransomware actors, most notably the MOVEit breach, a widespread exploitation of a zero-day vulnerability.

“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to enterprises, due in no small part to the interconnectedness of supply chains,” said Alistair Neil, EMEA Senior Director of Security, Verizon Business “Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues.”

Analysis of the Cybersecurity Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalogue revealed that on average it takes organisations 55 days to remediate 50% of critical vulnerabilities following the availability of patches. Meanwhile, the median time for detecting the mass exploitations of the CISA KEV on the internet is five days.

As a possible relief to some anxieties, the rise of artificial intelligence (AI) was less of a culprit vs challenges in large-scale vulnerability management. “While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to rapidly advance their approach and focusing their use of AI on accelerating social engineering,” Chris Novak, Sr. Director of Cybersecurity Consulting, Verizon Business.

Additional key findings:

  • About 32% of all breaches involved some type of extortion technique, including ransomware.
  • Over the past two years, roughly a quarter (between 24% and 25%) of financially motivated incidents involved pretexting.
  • Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all breaches.

View the 2024 Data Breach Investigation Report here.

Click here for more information on ways to help defend against zero-day vulnerabilities and other cyber threats.

You can also read the Global Press Release here.

About Verizon
Verizon Communications Inc. (NYSE, Nasdaq: VZ) was formed on June 30, 2000 and is one of the world’s leading providers of technology and communications services. Headquartered in New York City and with a presence around the world, Verizon generated revenues of $134.0 billion in 2023. The company offers data, video and voice services and solutions on its award-winning networks and platforms, delivering on customers’ demand for mobility, reliable network connectivity, security and control.

VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at verizon.com/news. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.

Media contacts:
Sebrina Kepple
+44 7391 065817
Sebrina.Kepple@verizon.com


FAQ

What is the main focus of the 2024 Data Breach Investigations Report by Verizon Business?

The main focus is analyzing security incidents in Europe, the Middle East, and Africa (EMEA), with a high percentage of internal breaches.

What percentage of breaches globally involve non-malicious human actions?

68% of breaches globally involve non-malicious human actions.

What is the average time taken by organizations to patch 50% of critical vulnerabilities?

Organizations take about 55 days on average to patch 50% of critical vulnerabilities.

What is a persistent threat to enterprises according to the report?

Zero-day vulnerabilities are identified as a persistent threat to enterprises.

What is the percentage of breaches involving some type of extortion technique?

About 32% of all breaches involve some type of extortion technique, including ransomware.

What percentage of all breaches over the past 10 years involved stolen credentials?

Over the past 10 years, almost one-third (31%) of all breaches involved stolen credentials.

What is the advice provided in the PR to defend against cyber threats?

The PR provides information on defending against zero-day vulnerabilities and cyber threats.

Where can the 2024 Data Breach Investigation Report be viewed?

The report can be viewed by clicking on the provided link in the PR.
Stock VZ logo
Verizon Comms

NYSE:VZ

VZ Rankings

#66 Ranked by Market Cap
#485 Ranked by Dividends

VZ Latest News

Jun 25, 2025
Verizon contributes $10K in response to devastating flooding in West Virginia
Jun 25, 2025
New “Verizon Frontline Verified” partner - Semtech
Jan 1, 1970
Verizon Business wins multisite private 5G contract fueling a multibillion dollar regeneration project
Jun 24, 2025
Verizon, America’s Most Reliable 5G Network, Launches Industry-Leading, AI Powered Customer Experience Innovations
Jun 23, 2025
Verizon announces final results of its private exchange offers for 10 series of notes and related tender offers open to certain investors

VZ Stock Data

176.45B
4.21B
0.05%
66.1%
1.54%
Telecom Services
Telephone Communications (no Radiotelephone)
Link
United States
NEW YORK

Related Articles

Continue reading with these related stories

View All Latest News