Verizon Report Says Weak, Stolen Passwords Remain Top Cause for Breaches

    May 22, 2017

    As reported on, a Verizon study suggests the leading factor in data breaches is a weak or stolen password.

    Verizon’s annual Data Breach Investigations Report, issued in April, cites thousands of cybersecurity incidents from 2016 and concludes that about 60% of all breaches involved hacking, and that 81% of the hacking-related breaches stemmed from weak and/or stolen passwords.

    Phishing attacks, employee error, and other misuse account for the non-hacking breaches, according to the report.

    In the 2014 report, ransomware was cited as the 22nd most common variety of malware, but in this year’s study it had leapt all the way to fifth most common.

    Analysis was conducted on roughly 42,000 international incidents that were defined as security events that compromised the integrity, confidentiality, or availability of an information asset, and on nearly 20,000 breaches that involved actual data loss.

    Additional newsworthy findings from the study:

    • Only a quarter of incidents were perpetrated by outsiders.
    • About half of the breaches included malware, and two-thirds of that malware was delivered by malicious e-mail attachments.
    • About 27% of the breaches were discovered by third parties
    © 2017, ARMA International