C-level executives are 9 times more likely to be the target of data breaches.

The 2019 Verizon Data Breach Investigations Report (DBIR) revealed that C-level executives are now the major targets for social engineering attacks. The findings show that senior executives are 12 times more likely to be the target of social engineering-related incidents, and nine times more likely to be the target of social engineering breaches – with 71% of breaches being financially motivated.

The 2019 Verizon DBIR analysed 41,686 security incidents, of which 2,013 confirmed data breaches.

Ray Ottey, Senior Manager UK, Ireland and Nordics at Security Solutions at Verizon said:

“We are seeing instances of executives increasingly being targeted through very sophisticated social engineering attacks using familiar organisations and email addresses over a long period of time, as well as misconfigurations in cloud-based services.”

The report also found that 23% of the analysed breaches involved nation-state actors or state sponsored attacks, compared to just 12% in the 2018 report. This finding highlights that businesses should be investigating how they need to adapt their security strategy as well as look into who might be behind the attacks.

It was also revealed that 25% of breaches were motivated by cyber-espionage. Most notably it was reported that cyber-espionage has become “rampant in the public sector” with state-affiliated actors accounting for 79% of all breaches involving external actors. Furthermore 78% of cyber-espionage incidents involved phishing, compared to just 32% of overall breaches involving phishing.

The DBIR highlighted the need to ensure all employees from all levels are made aware of the impact of cybercrime, therefore technical IT hygiene and network security is more important than ever, in order to reduce the risk of cyber-attacks.

George Fischer, president of Verizon Global Enterprise said: “It all begins with understanding your risk posture and the threat landscape, so you can develop and action a solid plan to protect your business against the reality of cybercrime.”

“Knowledge is power, and Verizon’s DBIR offers organisations large and small a comprehensive overview of the cyber threat landscape today so they can quickly develop effective defense strategies,” Fischer added.

Within the findings, the report most notably found that 56% of breaches took months or longer to discover, showing that businesses are still slow to locate attacks. It was also revealed that the majority of attacks are perpetrated by outsiders compared to 34% from internal actors, while partners are just linked to just 2%. Additionally 43% of breaches involved small business victims.

Bryan Sartin, executive director of security professional services at Verizon said:

“There is an urgent need for businesses large and small to put the security of their business and protection of customer data first. Often even basic security practices and common sense deter cyber-crime.”