Verizon Data Breach Investigations Report (DBIR)

The Verizon Data Breach Investigations Report (DBIR) is an annual publication that provides analysis of information security incidents, with a specific focus on data breaches.

The DBIR, first published in 2008, is produced by the Verizon RISK (Research, Investigations, Solutions, Knowledge) team within Verizon's Enterprise Services business unit. The report's data set combines data from public and private organizations around the world, including law enforcement agencies, national incident-reporting entities, research institutions, private security firms and Verizon. Before being analyzed, the case studies, reports and interviews are standardized using the Vocabulary for Event Recording and Incident Sharing (VERIS) Framework.

Each year, Verizon seeks to increase the size of its data set by incorporating data from more contributors. The 2014 Verizon Data Breach Investigations Report compiled information from more than 63,000 incidents, including over 1,300 confirmed data breaches from 50 contributing organizations spanning across 95 countries. These numbers increased from the 2013 report, which had information about 47,000 incidents with 621 confirmed breaches from 19 contributors across 27 countries.

Information in the report is used to identify common attack patterns including point-of-sale intrusions, Web application attacks, insider threats, physical theft, crimeware, payment card skimmers, denial of service, cyber-espionage and miscellaneous errors. The report also explains how often each of the attack vectors results in a data breach. For each type of attack, the DBIR maps out the threat actors, types of organizations targeted and the security controls that can best enable enterprises to prevent attacks that result in data breaches.