Watch: What the 2023 Verizon Data Breach Investigations Report Means for Your Manufacturing Business

Highlights of the July 19, 2023, HBK Risk Advisory Services webinar hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, HBK Risk Advisory Services.

Watch On-Demand.

The Verizon Data Breach Investigations Report (DBIR) is based on data reported to Verizon by global expert cybersecurity firms. The primary purpose of the DBIR is to inform organizations about the cybersecurity threats they face and how to protect against them. The DBIR is considered a “go-to resource” by many in the cybersecurity field. It is a global snapshot of what’s going on in terms of cybersecurity incidents and breaches in various industries.


The 2023 Report is the 16th annual edition; it was released in June.

  • Highlights about 20 vertical industries
  • 67 contributing organizations
  • 16,312 incidents: 1,800 targeted at the manufacturing industry (11%)
  • 5,212 confirmed data breaches: 262 in the manufacturing industry (5%)
  • Categorized by the VERIS system: Vocabulary for Event Recording and Incident Sharing.

  • Started tracking in 2010
  • Tracks eight patterns in a wide range of industries: denial of service, lost and stolen assets, miscellaneous errors, privilege misuse, social engineering, system intrusion, web applications, and everything else. Some attacks can be identified by more than one category.
  • Phishing is the number one attack relative to lost and stolen assets, and is becoming more prevalent.


  • Incident definition: a security event that compromises the integrity, confidentiality, or availability of an information asset
  • Breach definition: an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party
  • Reasons these definitions exist include cybersecurity insurance applications.
  • For selected industries—financial, healthcare, manufacturing, information, and professional—the top three threats are social engineering, system intrusion, and web applications.

    Why pay attention to DBIR?

  • The more you know about the cyber threats you face, and what other companies in your industry are facing, the better your chances of keeping your data secure.
  • Helps you learn where to focus your attention.
  • The report is interesting as well as valuable.
  • Find the report via Google search or the

  • Full version is about 88 pages with an executive summary of less than 20 pages in length.
  • You can also get insider reports on particular industries.

    Takeaways from the 2023 Report:

    Ways attackers get to your information:

  • Credentials
  • Phishing
  • Exploiting vulnerabilities
  • Advice: Educate employees about phishing, and scan for and patch your vulnerabilities: 74% of all breaches include the human element (errors, privilege misuse, or social engineering)

    Ransomware is still a big problem:

  • Increased by 13 percent in the 2022 Report: more than the previous five years combined.
  • Remains at the same level in the 2023 Report.
  • One in 4 cyber attacks involves ransomware.
  • Average cost to a company for a ransomware attack in 2022 was $4 million-plus.

    Social engineering: incidence of pretexting rose

  • Half of all social engineering incidents used pretexting.
  • Business email compromises are common.

    Errors continue as a trend:

  • Misdelivery (wrong recipient; 43% of breach errors)
  • Misconfiguration (21% of breach errors)
  • Publishing (showing to the wrong audience; 23% of breach errors)

    Small and medium-size businesses

  • There used to be a large disconnect between occurrences in large versus smaller companies, but the two are now moving closer together.
  • Patterns are virtually the same.
  • Large businesses tend to discover breaches sooner; they have more resources to identify they’re being breached.

    About the Author(s)
    Bill Heaven is a senior director in HBK’s IT Department. He specializes in cybersecurity, IT security, external IT audit, internal IT audit, IT consulting, software development, IT governance, PCI-DSS, supply chain, system implementations, and e-commerce. You can reach Bill at 330.758.8613, or by email at