5 Things About Phishing in the 2021 DBIR That You’ll Want to See

July 01, 2021

Every year, MSPs and businesses await the Verizon Data Breach Investigations Report (DBIR). While it is always jam-packed with a wealth of data that helps IT professionals, business leaders and MSPs make informed decisions about cybersecurity, it’s also a very dense read. The DBIR contains essential, detailed information about exactly how every force moved in the year’s data breach landscape. That means it also contains some very important information about the way that phishing and data breaches intersect. Here are the five most salient data points about that relationship gleaned from the 2021 DBIR.

Five Essential Facts to Remember

  1. 3-time champion phishing remained the top threat action that resulted in a breach. 

The victor and still champion, phishing still reigns supreme as the three-time winner of the top data breach threat. Considering the immense increase in email volume and the flood of pandemic-themed phishing emails unleashed in 2020, that’s not very surprising. An estimated 75% of organizations around the world experienced some kind of phishing attack in 2020. Phishing threats as the cause of a data breach in 2020 actually increased by 10%, which tracks with the record-breaking cybercrime rates that started in March of that year as the pandemic took hold. While phishing messages are the most likely vector for ransomware, ransomware is not included in the calculus here because it has become such a behemoth that it has its own category.

  2. The number of breaches that involved ransomware doubled.

If it seems like you’re hearing about ransomware attacks every time you look at cybersecurity news, that’s because you are. The number of breaches studied that included ransomware doubled. The favored weapon of cybercriminals ranging from nation-state threat actors to small-time freelancers in the RaaS economy, this powerhouse shows no signs of stopping. In fact, ransomware is only becoming more dangerous as new variants evolve. It is also increasingly being used to bring infrastructure targets to a standstill. Ransomware is already up by more than 100% in 2021 over record numbers in 2020 and it’s still climbing, making this the top security concern for 2021 – and eliminating ransomware threats starts with eliminating phishing.

  3. 85% of social engineering actions that lead to a data breach are done via email.

To no one’s surprise, researchers noted that social engineering and phishing go hand-in-hand as a major source of trouble. The number one type of social engineering attack is phishing, and social engineering attacks are responsible for 93% of successful data breaches, so it’s safe to say that socially engineered phishing emails are an enormous risk for businesses. That risk was made even more dangerous by a sudden flood of newly remote workers. Cybercriminals are adept at taking advantage of the edge that social engineering gives them. They’re also adept at varying the bait that they’re dangling to make sure that it’s timely and enticing to their targets. From poisonous PDFs to fake government communications, bad actors have pulled out all the stops as they try to catch unwary employees through phishing. 

  4. Business Email Compromise (BEC) is the second most common vector for social engineering.

The primary reason that cybercriminals chose to conduct sophisticated social engineering attacks in 2020 was phishing for credentials; BEC claimed the number two spot. Less glamorous than ransomware but significantly more damaging, BEC scams are often overlooked as a major danger. Business email compromise schemes also held the top spot as the costliest cybercrime reported to the FBI’s Internet Crime Complaint Center (IC3), clocking in at 19,369 complaints with an adjusted loss of approximately $1.8 billion – that’s 64 times the cost of ransomware reported in 2020. Buoyed by high email volumes and a chaotic business world, cybercriminals pounced on the bumper crop of targets like inexperienced remote workers who were ripe for the picking.

  5. 85% of breaches involved a human element.

This is important for businesses to remember. The top cause of data breaches is still human beings, specifically errors made by employees. It is far too easy for cybercriminals to concoct compelling phishing messages that can fool employees into handing over credentials or opening a ransomware-laden document – 48% of malicious email attachments are Office files. Employees also fear missing out on an important message far more than they fear unleashing malware or falling for a phishing attack. An estimated 45% of employees click emails they consider to be suspicious anyway “just in case it’s important.”

Automated Security Eliminates Data Breach Pitfalls

As these five data points illustrate, phishing is a gateway to a data breach. The dangers of phishing can be addressed through security awareness training, but nobody’s perfect. Inevitably, human beings make mistakes. That’s one reason why the best way to protect your business from phishing is to prevent phishing messages from coming in contact with your employees at all with a powerful automated anti-phishing defender – Graphus.

Put Graphus on the job to keep sophisticated phishing threats away from your business. It can’t be fooled by social engineering, so it won’t fall for fake urgent or scary messages. It doesn’t get tired, distracted or stressed like employees. It never takes a day off and it doesn’t make mistakes. Instead, Graphus reliably defends your business from data breach risks like phishing 24/7/365 with three powerful protective shields that stop 40% more phishing messages than the competition.

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention. 
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.   
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review.

Addressing the dangers of phishing is a smart way for businesses to reduce their risk of a damaging data breach. One of the best ways to do that is to prevent the inevitable mistakes that employees will make by keeping them out of the picture with Graphus. Schedule a demo today.
