Study finds troubling perception gap in what causes cybersecurity incidents and data breaches
FOR IMMEDIATE RELEASE
December 7, 2023
CONTACT:
David Oglethorpe
VP, Communications
Hive Systems
804-396-4720
mediarelations [at] hivesystems.io
Study finds troubling perception gap in cybersecurity incident and data breach causes
Research updated this year with new data shows a growing divide.
RICHMOND, Va. – A recent study published by Hive Systems found that the media, academia and the general public vastly overestimate the prevalence of system intrusions while underestimating more common causes of cybersecurity incidents and data breaches. A comprehensive analysis of academic publications, media trends, and search engine results showed that while system intrusions account for only one-third of cybersecurity incidents and data breaches, more than two-thirds of media coverage and internet searches focused around the topic.
“Having more accurate conversations about how hackers affect businesses and families is critical,” said Alex Nette, Hive Systems CEO and Co-Founder. “If we’re focused on what we see in the news and online, it creates a bias that leads to cybersecurity investments in areas that may not reduce your risk.”
While the industry-standard 2023 Verizon Data Breach Investigation Report (DBIR) listed system intrusions as the most prevalent cause of cybersecurity incidents and data breaches (35% and 25% respectively), the public perception far outweighs its pervasiveness. According to the report, not only were internet searches for system intrusions nearly twice as common (55%), the second-most common tool for data breaches – basic web application attacks – was barely explored (<1%).
Similarly, media coverage predominantly focused on system intrusions and social engineering – approximately 75% of all coverage. That amount of coverage equates to over 30% more than its frequency as reported by the DBIR. While The New York Times dedicated a majority of its coverage cybersecurity incident and data breach coverage to system intrusions (65%), The Guardian spent 30% of its coverage on social engineering – a stark difference in coverage between the two outlets.
On the academic side, over three-quarters of all academic journals published focused on denial of service attacks – a topic that accounted for a minuscule 1% of total cybersecurity data breaches and only 40% of total cybersecurity incidents.
DBIR incident and breach classification patterns are based on clustering of data as opposed to how the cybersecurity industry tends to group them. Types of breaches include System Intrusion (e.g., ransomware, malware, stolen credentials), Social Engineering (e.g., phishing emails, texts, phone calls), Basic Web Application Attacks (e.g., SQL injection), Miscellaneous Errors (e.g., misconfigurations), Privilege Misuse (e.g., disgruntled employee data leak), Lost and Stolen Assets (e.g., stolen laptop or phone), Denial of Service (e.g., DDoS attacks) and Everything Else (e.g., ATM card skimmers).
The chart summarizing the research results is available for download here.
# # #
About Hive Systems
Hive Systems provides smarter cybersecurity services with our trusted experts, and leading cybersecurity products with Audora and Derive. Leveraging our collective experience, we promote a true partnership by understanding what makes your organization unique to help evaluate your cybersecurity strengths and vulnerabilities. Together, we’ll develop a risk reduction strategy that best utilizes your existing investments, including both technology and people, to reduce your risk anywhere - so you can keep your information secure everywhere. Through Hive Helps, we offer pro bono services to qualified non-profit organizations and communities to ensure that limited resources don’t stand in the way of social progress.