Financial gain is the highest motive for External actors, with Web Applications being 39% of breaches. Error among employees is another issue for this sector, particularly with regard to Misconfiguration and Misdelivery. While Credentials are a desirable target, it is Personal data that is most frequently stolen here.
107 incidents, 66 with confirmed data disclosure
Web Applications, Miscellaneous Errors, and Everything Else represent 83% of breaches
External (68%), Internal (33%), Multiple (2%) (breaches)
Financial (60%—98%), Espionage (0%—28%), Convenience/Fear/Fun/Grudge/Other/Secondary (0%—15% each) (breaches)
Personal (81%), Other (42%), Credentials (36%), Internal (25%) (breaches)
Boundary Defense (CSC 12), Implement a Security Awareness and Training Program (CSC 17), Secure Configurations (CSC 5, CSC 11)
Data Analysis Notes
Actor Motives are represented by percentage ranges, as only 12 breaches had a known motive. Some charts also do not have enough observations to have their expected value shown.