Perpetrators: 69 percent of breaches were executed by outsiders, including cybercriminal groups (39 percent) and nation-state or state-affiliated actors (23 percent). Just over a third, 34 percent, involved an insider threat. (Some breaches could have involved both external and internal actors.)
Tactics: 52 percent of breaches involved hacking, 33 percent included social engineering as a component, 32 percent involved phishing, 29 percent were made possible through stolen credentials and 28 percent were malware-enabled.
Motive: 71 percent of breaches were financially motivated, while 25 percent were conducted as part of an espionage operation designed to gain a strategic advantage.