Verizon DBIR: Use of stolen credentials in 44% of the cases

2023 Data Breach Investigations Report of which the dataset currently
contains 953,894 incidents, of which 254,968 are confirmed breaches shows that the use of stolen credentials forms 44.7% of the cases. But what else can we learn?

74% of all breaches include the human element, with people being involved either via Error,Privilege Misuse, Use of stolen credentials or Social Engineering. 83% of breaches involved External actors, and the primary motivation for attacks continues to be overwhelmingly financially driven, at 95% of breaches. External actors were responsible for 83% of breaches, while Internal ones account for 19%. In 94.6% of the breaches had a financial motive. Social Engineering attacks are often very effective and extremely lucrative for cybercriminals. Perhaps this is why Business Email Compromise (BEC) attacks now represent more than 50% of incidents within the Social Engineering pattern.

The three primary ways in which attackers access an organization
are stolen credentials, phishing and exploitation of vulnerabilities.