2020 Verizon DBIR Brings a Nice Surprise

I have waited all year for this. For weeks, I have found myself wondering what this year’s special day will bring as I look forward to the release of the Verizon Data Breach Investigation Report (DBIR). For security data geeks like me, this is our Christmas, and Verizon is our jolly old Saint Nick.  

For many security practitioners, DBIR Day is one that often comes with a sobering and somber reality that the industry is not all that good at cybersecurity. So, just as I have done for the last 13 years, I spent the morning reviewing the report, looking for signs of impact or progress, opportunities and needs. This year, I found many of those things and, for the first time in a very long time, I found evidence that our tireless practice is making a difference.  

This year, I found a simple statistic that pointed to a sign of progress. It was the first stat in the summary, and it read “81% of data breaches were contained in days or less.” My immediate thought was that this has always been defined in weeks, months, or even years. Now we are looking at a matter of days. Days!

As the chart in Figure 44 shows, breaches are detected in Days or Less 81% of the time in 2019, which is an increase from 20% of the time in 2015. Additionally, breaches detected in Months or More are now down below 25% from a high of more than 90% in 2016.

[Figure: graph showing discovery over time in breaches]

This is outstanding. This is remarkable. We can, in fact, and for the first time, honestly say we have significantly decreased the time of Breach Detection. This is amazing, right? 

Well, Verizon did include a note in the report that we may want to hold the celebration for a moment.

“However, before you break out the bubbly, keep in mind that this is most likely due to the inclusion of more breaches detected by managed security service providers (MSSPs) in our incident data contributors’ sampling, and the relative growth of breaches with Ransomware as collateral damage, where Discovery is often close to immediate due to Actor disclosure.”

Hmmm. A little rain for our parade? Nope, not for me. The data clearly shows that as an industry we have made improvement. When this report was first published 13 years ago, we were predominantly focused on Protection and not Detection. The difference in those two words alone is cause for some recognition. As an industry we have shifted the focus. We have established a balance between Protection, Detection, and Response.  

The chart in Figure 45 clearly shows that in four short years, we have made more than 20% improvement and are now looking at containment in days, if not hours, more than 80% of the time. 

[Figure: graph showing containment over time in breaches]

I have to say, these results are encouraging. I will show up to work tomorrow (at my home office, at least) with a bit more pep and vigor, just knowing the simple fact that our hard work and relentless effort are paying off.

I don’t know about you, but I’m pleasantly surprised with what I got for DBIR Day this year. And you should be too.   

Thank you!