A recently released study that analyzed the top 100 breaches from July 2021 to July 2022 showed that hackers went after personally identifiable information 42.7% of the time.
Out of all of the types of data available for cybercriminals to steal — credit card info, passwords, source code, etc. — the authors of the Imperva study said that PII is the most valuable since criminals can compile more PII from the dark web to then engage in harder to prevent fraud or full-on identity theft.
For the analysis, Imperva looked at publicly available sources from the web, breach reports, hackers’ forums, analysis of stolen database dumps and information from Imperva’s own honeypots.
What they found was that 27.1% of data breaches were caused by hackers. But Imperva researchers said what struck them most was that the two reasons that tied for second when it comes to root causes — unsecured databases and social engineering at 14.6% — are fairly straightforward to mitigate: “A publicly open service increases the risk of a breach to happen, but in most cases, this is not a failure of security practices; it is rather a complete absence of a security posture,” they wrote.
Ransomware followed as the fourth most common cause of a breach at 10.4%, and third parties caused 7.2% of breaches.
Finance, professional services, healthcare and public administration were the top four industries that recorded the most breaches during the analysis.