zephyr_p - stock.adobe.com

Ransomware volumes grew faster than ever in 2021

Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody

Cyber security experts would have had to have spent most of the past year hiding under a rock to have missed the increase in the volume of successful ransomware attacks during 2021, but according to figures released today in Verizon’s 2022 data breach investigations report (DBIR), the year-on-year (YoY) jump seen last year was greater than the past five years combined.

Verizon’s Threat Research Advisory Centre (VTRAC), together with more than 80 independent industry contributors, observed a 13% increase in ransomware breaches last year. It said that as cyber criminals leverage increasingly sophisticated tools, ransomware was proving particularly successful at exploiting – and monetising – illegal access to data.

This is the fifteenth year that Verizon has published its landmark DBIR report. For the latest edition, its data was drawn from a total of 23,895 security incidents of which 5,212 were confirmed breaches.

Verizon’s team said it was possible to attribute roughly 80% of these breaches to organised crime, with external actors about four times more likely to cause breaches in an organisation than malicious insiders. However, it also found there was a “human element” involved in around 82% of them, largely due to three factors – social engineering, abuse of privilege, and simple human error.

2021 was also noteworthy for the emergence of security incidents that began in the victim’s supply chain – the SolarWinds and Kaseya breaches being the most obvious examples of such attacks, with such organisations acting as “force multipliers” for cyber criminals. Indeed, the VTRAC team found that 62% of system intrusions originated via an organisation’s partner.

“Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real time. But nowhere is the need to adapt more compelling than in the world of cyber security,” said Hans Vestberg, CEO and chairman of Verizon.

“As we continue to accelerate toward an increasingly digitised world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure and customers protected.”


Verizon said its latest report demonstrated there were four key paths leading to compromise – botnets, credentials, phishing, and vulnerability exploits – with all of them pervasive and no organisation properly secured without an appropriate plan to address them.

As ever, it said, it behoves security teams to pay attention to some fundamental aspects of security controls – data protection, secure configuration of assets and software, account management, access control, and staff awareness and training.

DBIR lead author Dave Hylender added: “Entering its 15th year, Verizon’s Data breach investigations report remains the leading authority on assessing the many cyber security threats that organisations continue to face.

“And while the report has evolved, the fundamentals of security remain the same. Assess your exposure, mitigate your risk, and take appropriate action. As is often the case, getting the basics right is the single most important factor in determining success.”

Rick Holland, CISO and strategy vice-president at DBIR contributor Digital Shadows, commented: “If I had to sum up this year’s DBIR, the more things change, the more they stay the same. The use of stolen credentials, phishing, and vulnerabilities remains the top way threat actors gain initial access to organisations. Companies are spending billions of dollars on defence, yet these problems persist.”

Read more about ransomware

Read more on Data breach incident management and recovery

Data Center
Data Management