In their 2014 Data Breach Investigation Report, Verizon identified nine basic patterns of cybersecurity incidents based on over 100,000 incidents recorded over the previous decade. 92% of all incidents fit into one of these categories.

The data from their report every year since covers up to 2019 covers over 17,000 data breaches, of which 88% fit these patterns. Of the 375,000 total incidents Verizon included in its research, 98.5% fit.

Separating the most common threats into categories makes it easier for businesses to know what to look out for and to prioritise their efforts accordingly when it comes to cybersecurity. A comprehensive understanding of the nine basic patterns Verizon has identified and knowledge of how to protect your business against them can be the key to having a consistently resilient defence against cyber risk.

Privilege misuse

Any unapproved or malicious use of business resources is classified as privilege misuse. In the 2019 report, it was most common pattern found in effective cyberattacks. This is typically due to insider threats, but can also be down to former employees misusing sensitive information they took with them when they left your organisation.

Denial of service

Denial of service attacks attempt to compromise access to and use of business networks. These are typically designed to overwhelm a system so its necessary processes are interrupted or degraded to the extended that they can’t perform at a reasonable standard. This is often aimed at large businesses in an attempt to extort them financial gain.


Verizon categorised any form of malware that didn’t fit into a more specific pattern as crimeware. These are generally opportunistic, taking advantage of easily exploitable vulnerabilities in the protective structure of businesses who make common cybersecurity mistakes. Command and control attacks are the most common form of crimeware, making up 47% of incidents recorded into the 2019 Verizon report.

Lost and stolen assets

If data isn’t properly backed up, losing the drive on which it is saved or physical copies of it can put you at serious risk of a breach, especially if your devices are not encrypted when they are misplaced or stolen. Verizon found that the assets most like to be involved in theft and loss-related breaches are laptops and paper documents. The report also found that assets were most commonly stolen either from the victim’s place of work or vehicle.

Web applications

There are a number of cyberattacks that depend on web applications as a vector of attack. These can include approaches such as interfering with authentication processes or directly targeting the code at the foundation of an application. These types of attacks most frequently target cloud services, with unauthorised access to cloud-based email servers making up more than half of all breaches in this pattern.

Miscellaneous errors

Even if everyone in your business has an up-to-date and comprehensive knowledge of best cybersecurity practice, mistakes can still happen. Many cyberattacks rely on unintentional actions causing vulnerabilities that can be exploited. As much as 85% of miscellaneous errors can be attributed to misconfigured servers, misdelivery of sensitive data and information being published to the wrong audiences.

Cyber espionage

Some cyberattacks are engineered by state-affiliated actors attempting to steal classified or sensitive data for economic, political or military gain. This can be on behalf of a government or a company looking for an advantage over their competition. Nation states make up a majority of actors in this kind of attack, with competitors. Former employees and organised criminal groups combined are behind just 4% of cyber espionage attacks.

Point of sale

Point of sale terminals and controllers used in retail card payment transactions are commonly targeted by cybercriminals. These can be used to obtain credit card information as well as sensitive data about the transactions made by an organisation. These types of attacks are most frequently found in the accommodation industry.

Payment card skimming

Physical interference with payment devices, while generally declining in popularity, is still a common method of attack. Criminals tamper with machines that read data from payment cards so that they have access to that information and can take advantage of the accounts attached to those cards.