Verizon Business has unveiled the findings of its 16th annual Data Breach Investigations Report (DBIR) for 2023, shedding light on the escalating costs associated with ransomware attacks.  

The most notable revelation from the report is the exponential increase in the median cost per ransomware incident, which has more than doubled over the past two years, reaching a staggering $26,000.  

Alarmingly, 95% of the incidents that experienced a loss incurred costs ranging from $1 million to $2.25 million. This surge in expenses coincides with a dramatic rise in the frequency of ransomware attacks, surpassing the cumulative number of attacks recorded in the previous five years combined.  

Ransomware continues to be one of the most prevalent methods of cyberattacks, accounting for almost a quarter (24%) of all breaches. 

Related: Australia fights back against ransomware campaigns 

While organizations strive to safeguard their critical infrastructure and enhance cybersecurity training, the report highlights that the human element remains the primary cause of security incidents, contributing to a staggering 74% of total breaches.  

Cybercriminals exploit human vulnerabilities through social engineering techniques, such as phishing, where hackers manipulate individuals into clicking on malicious links or attachments. 

“Senior leadership represents a growing cybersecurity threat for many organizations,” warned Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business. 

 “Not only do they possess an organization’s most sensitive information, but they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.” 

In addition to ransomware and social engineering, the report highlights the surge in Business Email Compromise (BEC) attacks. Cybercriminals impersonating enterprise employees for financial gain have contributed to a median theft amount of $50,000 USD in BECs.  

This has led to a near doubling of pretexting attacks over the past year. To mitigate this threat, organizations with distributed workforces face the challenge of developing and strictly enforcing human-centric security best practices. 

Eliza Sayon

Website | + posts

Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.

• Developing an effective data ecosystem
• The journey of building an ecosystem through data
• NZ government strengthens data privacy laws against third parties
• eSafety Commissioner issues legal notice against Twitter