Verizon 2024 DBIR: Employees Remain Weakest Link in Cybersecurity Chain

Verizon's 2024 Data Breach Investigations Report reveals the role of employees in creating opportunities for threat actors to infiltrate organizations.
May 9, 2024

Employees are undoubtedly the cornerstone of your enterprise’s success. They also represent the Achilles' heel of its security. The harsh truth of cybercrime is that it's just a numbers game. If the right solutions aren’t in place, protecting the organization from email attacks requires employees to correctly identify threats 100% of the time—which simply isn’t feasible.

Last week, Verizon released its 17th annual Data Breach Investigations Report, which explores the perpetrators, tactics, and targets of cybercrime. Building on the trends we’ve seen in recent years, the data revealed how big of a role the workforce plays in creating opportunities for attackers to compromise an organization—and the ways threat actors are capitalizing on those opportunities.

The Human Element Is a Component in 68% of Breaches

Note: Verizon adjusted its human element metric this year to exclude malicious insiders, which lowered the number slightly from last year.

The vast majority of cybercrime today is successful because it exploits the people behind the keyboard.

Rather than focusing on technical vulnerabilities, modern, socially engineered attacks rely on manipulation and deceit to convince employees to share sensitive data, provide login credentials, and update bank account information. Verizon found that nearly 70% of all breaches include the human element, with people being involved either via unintentional error, use of stolen credentials, or social engineering.

Further, phishing tests revealed that the median time for an employee to click on a malicious link after opening a phishing email is 21 seconds, and then just another 28 seconds for the recipient to provide the requested information. In other words, employees can be tricked into divulging sensitive information via a phishing attack in under a minute.

Social Engineering Attacks Account for 30% of All Breaches

While the incidence of business email compromise (BEC) did not dramatically increase the way it did between 2021 and 2022 (when it nearly doubled year-over-year), it remains the top type of social engineering incident included in the DBIR.

BEC was also the tactic used in 25% of all financially motivated attacks and, together with phishing, accounted for almost 30% of all breaches analyzed by Verizon.

By relying on text-based communication and opting to compromise people instead of networks, attackers can more easily circumvent conventional security measures. This is because traditional security solutions lack the functionality to understand the subtleties and nuance of language and human behavior, making it difficult for them to distinguish between genuine and malicious intent.

Breaches Due to Compromised Vendors Jump Nearly 70%

Although compromising employees remains the most direct way for threat actors to infiltrate your organization, every vendor your enterprise works with also represents a potential entry point.

If a vendor hasn’t implemented sufficient security controls and a threat actor successfully compromises an account in their ecosystem, the bad actor can then use that account to launch an attack on your organization. And because any messages would be sent from a legitimate account with no history of malicious behavior, the emails would bypass any signature-based security solution. Further, the targeted employee would have no reason to believe any requests were fraudulent since they would appear to be from the actual vendor.

According to Verizon’s research, 15% of breaches were influenced by supply chain interconnection—a 68% year-over-year growth. The fact is that attackers will always choose the path of least resistance. Unfortunately, this means that an organization’s security is only as strong as its weakest vendor.

Stopping Attacks That Exploit Human Behavior

Security awareness training is undeniably important, and every enterprise should commit to educating its employees about the threats targeting its organization. However, the most effective way to prevent a data breach is to ensure employees can’t engage with malicious emails in the first place.

An AI-native, API-based email security solution utilizes behavioral data to understand the behavior, communications, and processes of every employee and vendor across the entire organization. Then, it uses computer vision and natural language processing (NLP) to examine email content and identify anomalous activity, enabling it to detect and block threats—before they reach employee inboxes.
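The two preceding sections describe the failure mode and the countermeasure in words: a message from a compromised vendor account authenticates as the real vendor, so a sender-reputation check delivers it, while a per-sender behavioral baseline can still flag it because the message deviates from how that sender has always behaved. The Python below is an added illustration of that contrast; it is not Abnormal's code or any description of its product. The vendor, the twelve historical invoices, the suspect message, the feature weights and the threshold are all constructed for the example, and it assumes (as the text does) that a message sent from a compromised legitimate mailbox passes SPF/DKIM/DMARC.

```python
"""Added illustration: sender-reputation check vs. per-sender behavioral baseline.
Hypothetical code; every message, domain and weight below is constructed."""
from dataclasses import dataclass, field
import re


@dataclass
class Email:
    sender: str
    reply_to: str
    recipient: str
    subject: str
    body: str
    auth_pass: bool  # assumption: SPF/DKIM/DMARC align, because the real mailbox sent it


# Constructed history: a year of routine invoices from one vendor mailbox.
HISTORY = [
    Email("billing@acme-supplies.example", "billing@acme-supplies.example",
          "ap@customer.example", f"Invoice {n}",
          "Attached is this month's invoice. Thanks!", True)
    for n in range(1001, 1013)
]

# Constructed suspect message sent from the *same*, now compromised, vendor mailbox.
SUSPECT = Email(
    "billing@acme-supplies.example",
    "billing@acme-supp1ies-pay.example",  # reply-to redirected to a lookalike domain
    "ap@customer.example",
    "URGENT: updated banking details for invoice 1013",
    "Please update our bank account on file before today's payment run. "
    "New wire details attached.",
    True,
)

PAYMENT_CHANGE = re.compile(r"\b(bank account|wire details|banking details|routing number)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|before today|asap)\b", re.I)


def reputation_verdict(msg, known_senders):
    """A reputation/signature-style control: authenticated, known sender => deliver.
    This is the control the text says a compromised vendor account walks past."""
    return "deliver" if msg.auth_pass and msg.sender in known_senders else "quarantine"


@dataclass
class Baseline:
    reply_to_domains: set = field(default_factory=set)
    recipients: set = field(default_factory=set)
    ever_requested_payment_change: bool = False
    message_count: int = 0


def build_baselines(history):
    """Learn, per sender, what 'normal' has looked like in its own past mail."""
    baselines = {}
    for m in history:
        b = baselines.setdefault(m.sender, Baseline())
        b.reply_to_domains.add(m.reply_to.split("@")[-1].lower())
        b.recipients.add(m.recipient.lower())
        b.ever_requested_payment_change |= bool(PAYMENT_CHANGE.search(m.subject + " " + m.body))
        b.message_count += 1
    return baselines


# Illustrative weights: deviations that change where money goes count most.
WEIGHTS = {"new_reply_to_domain": 3, "first_payment_change": 3,
           "urgency": 1, "unusual_recipient": 1}


def behavioral_score(msg, baselines):
    """Return (score, reasons); each reason is a deviation from this sender's own history."""
    b = baselines.get(msg.sender)
    if b is None:
        return 0, ["no history for sender; defer to other controls"]
    text = f"{msg.subject} {msg.body}"
    reasons = []
    rt_domain = msg.reply_to.split("@")[-1].lower()
    if rt_domain not in b.reply_to_domains:
        reasons.append("new_reply_to_domain")
    if PAYMENT_CHANGE.search(text) and not b.ever_requested_payment_change:
        reasons.append("first_payment_change")
    if URGENCY.search(text):
        reasons.append("urgency")
    if msg.recipient.lower() not in b.recipients:
        reasons.append("unusual_recipient")
    return sum(WEIGHTS[r] for r in reasons), reasons


def behavioral_verdict(msg, baselines, threshold=4):
    score, reasons = behavioral_score(msg, baselines)
    return ("hold for review" if score >= threshold else "deliver"), score, reasons


if __name__ == "__main__":
    known = {m.sender for m in HISTORY}
    baselines = build_baselines(HISTORY)
    print("reputation:", reputation_verdict(SUSPECT, known))      # deliver
    print("behavioral:", behavioral_verdict(SUSPECT, baselines))  # hold for review, 7, [...]
```

Running it shows the gap the text describes: the reputation check delivers the suspect message (authenticated, known sender), while the baseline holds it because this sender has never used that reply-to domain and has never asked for banking changes. The same baseline still delivers the vendor's ordinary invoices, which is the property that makes a per-sender model usable in practice.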

See for yourself how Abnormal AI provides comprehensive email protection against attacks that exploit human behavior. Schedule a demo today.
