- The 2020 “Cyber Espionage Report” (CER) draws from seven years of Verizon “Data Breach Investigations Report” (DBIR) content and more than 14 years of the company’s Threat Research Advisory Center (VTRAC) Cyber-Espionage data breach response expertise.
- Key findings of the report are that for cyber-espionage breaches, 85% of actors were state affiliated, 8% were nation-state affiliated, and just 4% were linked with organized crime. Former employees made up 2% of actors.
- The top compromised asset varieties in cyber-espionage breaches were desktop or laptop (88%), cell phone (14%), and web application (10%). For all breaches, the top asset varieties were web application (43%), desktop or laptop (31%), and email (21%).
- “Because cyber-espionage is a difficult incident pattern to detect, the numbers may be much higher. The kinds of data stolen in Cyber-Espionage breaches (e.g., secrets, internal or classified) may not fall under the data types that trigger reporting requirements under many laws or regulatory requirements.”
– Sarah Coble | November 17, 2020