2023 Data Breach Investigations Report – DBIR Key Takeaways

2023 Data Breach Investigations Report - DBIR Main Findings


In the challenging landscape of cybersecurity, understanding potential threats and planning preventive strategies is a mission-critical task. The Verizon 2023 Data Breach Investigations Report (DBIR) serves as an indispensable guide in this endeavor. It presents an in-depth analysis of real-world cybercrime incidents and equips organizations to better prepare against cyber threats.

Armed with this knowledge, Chief Information Security Officers and cybersecurity executives can elevate their cybersecurity protocols and fortify their human risk management efforts. So, let’s delve into the key findings of this report and see how they could influence your organization’s security strategy.

Overview of the Verizon 2023 Data Breach Investigations Report

The DBIR has long been a beacon for cybersecurity professionals worldwide, presenting real-life instances of cybercrime and their comprehensive analysis. This year’s report continues the legacy, offering significant insights into the multifaceted world of cyber threats.

This recent edition of DBIR scrutinized an impressive 16,312 security incidents. From this large pool of data, 5,199 were verified breaches. These numbers were gathered from the real-world incidents analyzed by the reputable Verizon Threat Research Advisory Center (VTRAC), now marking its 20th year, and other global contributors.


The depth and breadth of the data provided by the DBIR shed light on the tactics of threat actors and the tools they employ against enterprises. The findings cover diverse businesses, irrespective of their size, vertical, and geographic location.

By understanding the specifics of these threats, we can tailor our defensive strategies and better protect our organizations. Thus, this report provides an opportunity not only to learn about the current state of cybersecurity but also to improve upon it.

Our next section will highlight the major findings of this report and analyze their implications. Stay tuned, and remember, you can refer to our previous articles to complement this information and get a comprehensive understanding of the cybersecurity landscape.

DBIR Key Takeaways

The Verizon 2023 DBIR presents crucial statistics and information, illuminating the current landscape of cyber threats. Here, we distill the major findings and shed light on their implications:

  1. Threat Landscape
    • The report logged 16,312 security incidents, a stark reminder of the pervasive threat of cybercrime.
    • 83% of breaches involved External actors.
    • 74% of all breaches include the human element, with people being involved either in Error, Use of stolen credentials, Social Engineering, or Privilege Misuse.
  2. Threat Actors and Tools
    • The three primary ways in which attackers access an organization are stolen credentials, phishing, and exploitation of vulnerabilities.
    • The tools and tactics used by these threat actors were examined, revealing their approach’s alarming sophistication and adaptability.
  3. Comparison with Previous Years
    • This year’s figures show a continued rise in cybersecurity threats, affirming the escalating challenge that organizations face.
    • The growing number of breaches emphasizes the urgent need for improved and dynamic security strategies.

Following these revelations, the next part of our journey requires us to confront the issue of human risk in cybersecurity and understand how the DBIR 2023 findings can shape our strategies.

There are two types of SOC 2 audit reports. Type 1 is accomplished quickly as it looks at the information system at a single point in time. Type 2 reports monitor the system over a period of time, typically three to twelve months. These reports contain five sections:

  • Independent Service Auditor’s Report, which is a summary opinion of the CPA performing the audit.
  • Management’s Assertion, which confirms why, to the best of their knowledge, management believes that the controls in place are suitable to meet a business’s service commitments and system requirements.
  • Description of the system under audit, which gives details of the system, including scope, boundaries, controls and related contractual commitments. System elements include infrastructure, software, people, procedures, data, and system incidents.
  • Auditor’s Tests of Controls (Type 2 only), which details the control criteria for assessing and reporting on controls for information and systems.
  • Unaudited information, which management uses to add any relevant information such as responses to exceptions.

Risk Management in the Light of DBIR 2023

The findings of the Verizon 2023 DBIR cannot be overstated: they bring to light the ever-increasing threats in our cybersecurity landscape. However, it’s essential to remember that knowledge is power. Understanding these threats and risks equips us with the ability to build robust defenses. One key area that requires attention is human risk management.

The human factor in cybersecurity often remains the weakest link. From mishandling sensitive data to falling for phishing scams, human errors can provide a gateway for threat actors to breach our defenses. Hence, implementing strategies that address this issue becomes imperative.

Here’s how we can leverage the DBIR’s findings to manage human risks better:

  • Training and Awareness: The sophistication and adaptability of threat actors call for well-informed and cyber-aware employees. Regular security training and awareness programs can ensure your team is prepared to recognize and respond to threats.
  • Regular Audits and Updates: With the rising number of breaches, constant evaluation of your security infrastructure becomes essential. Regular audits can help identify and address potential weaknesses before they can be exploited.
  • Incident Response Planning: Given the prevalence of incidents, having a clear and effective incident response plan is crucial. It allows organizations to react swiftly to breaches, minimizing damage and downtime.

Our next section discusses how the Right-Hand human risk management solution aligns with the threats identified in the report and can help organizations mitigate these risks effectively.

How a Human Risk Management Solution Addresses the Data Breach Challenge

In the face of sophisticated and varied cyber threats outlined in the DBIR 2023, it’s evident that an adaptive, comprehensive approach to human risk management is needed. This is precisely where our solution comes into play.

A Human Risk Management Solution is built to address the human aspect of cybersecurity, which aligns perfectly with the current needs illuminated by the DBIR:

Through these features and more, a human risk management solution provides a comprehensive approach to cybersecurity training. Our next section delves into actionable steps your organization can take to implement these insights and improve security.

Remember, as a cybersecurity executive, it’s your responsibility to take proactive steps in securing your organization, and the Right-Hand solution is designed to assist you in that mission.

Implementing Security Training in Response to Findings

Now that we’ve understood the importance of managing human risk in cybersecurity, let’s explore three actionable steps your organization can take in response to the findings of the DBIR 2023 report.

Adopt Adaptive Security Training: The evolving threat landscape calls for an adaptable approach to training. Adopt Right-Hand’s adaptive learning modules to ensure your team’s knowledge is always up-to-date.

Leverage Real-time Risk Scores: With the growing number of breaches, it’s essential to constantly evaluate the risk level of your organization’s employees. Utilize Right-Hand’s real-time human risk scores to monitor and mitigate potential threats effectively.

Establish a Robust Incident Response Plan: Given the rising number of security incidents, it’s imperative to have an effective incident response plan. Leverage Right-Hand’s intuitive platform to simplify incident reporting and management.

By implementing these steps, your organization can improve its security posture and become more resilient against cyber threats. Remember, cybersecurity training products are designed to support you every step of the way. Check out our various training products to understand how they can enhance your security strategies.

The next section will address frequently asked questions about the DBIR 2023 and how Right-Hand’s solutions can help. Stay tuned to resolve any queries you might have.

Frequently Asked Questions (FAQs)


The Verizon 2023 Data Breach Investigations Report offers invaluable insights into the current state of cyber threats, providing a basis for strengthening cybersecurity strategies. When combined with Right-Hand’s human risk management solution, organizations can build a robust defense that addresses the evolving threat landscape.

By prioritizing human risk management and leveraging the insights from the DBIR 2023, Chief Information Security Officers and cybersecurity executives can protect their organizations and contribute to creating a more secure digital landscape.

Remember, in this ever-evolving cybersecurity arena, the goal is not just to react but to anticipate and prepare. Let’s embrace these insights, learn from them, and continue to build a safer cyber world.


Right-Hand Cybersecurity
