Introduction to regions
- 2020 DBIR
- DBIR Cheat sheet
- Summary of findings
- Results and analysis
- Incident classification patterns and subsets
- Industry analysis
- Does size matter? A deep dive into SMB Breaches
- Regional analysis
- CIS Control recommendations
- Year in review
- Appendices (PDF)
- Download the full report (PDF)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
You will soon receive an email with a link to confirm your access, or follow the link below.
You may now close this message and continue to your article.
We present for the first time a focused analysis on macro-regions of the world, thanks to the diligent work of the team this year to increase the diversity of our data contributors and the more precise statistical machinery we have put in place.
After the filtering and subset creation described in the “Introduction to Industries” section, we are left with a similar result on Table 2. We define regions of the world in accordance with the United Nations M-4945 standard, joining the respective super-region and sub-region of a country together. By combining them even further, the subjects of our global focus are:
- APAC—Asia and the Pacific, including Southern Asia (034), South-eastern Asia (035), Central Asia (143), Eastern Asia (030) and Oceania (009);
- EMEA—Europe, Middle East and Africa, including Africa (002), Europe including Northern Asia (150) and Western Asia (145);
- LAC—Latin America and the Caribbean (419), also including for redundancy due to potential different encodings South America (005), Central America (013) and Caribbean (029);
- NA—Northern America (021), mainly consisting of breaches in the US and Canada, as well as Bermuda, which has also been busy lately for some reason;
As the table clearly shows, we have better coverage in some regions than in others. However, we did not want to leave anyone out of our around-the-world tour, and this is where a lot of our estimative language and percentage ranges will come in handy.
This is also a great opportunity for us to ask for our readers to help us by sharing your data so we have more data breaches to report on. Please don’t take this as an invitation to create data breaches by either malicious intent or by accident! However, by suggesting new potential data contributors from the regions where you, our readers, would like more detailed analysis, and by encouraging organizations in those areas to contribute data to the report, we can continue expanding our coverage and providing better analysis each new year.
The same caution with small sample numbers we discussed in the “Introduction to industries” section applies to Figure 115—some of them are so small that you can easily step on them like the Lego pieces your kid leaves lying around. Believe us when we tell you that a biased statement that does not take into consideration the small sample size (n value) is just as painful. Be on the lookout for "Data Analysis Notes" in the "Latin America and the Caribbean" section where we will be calling out those “small samples” and check out the "Methodology section" for more information on the statistical confidence background used throughout this report.
Please note: based on feedback from our readers, we know that while some study the report from cover to cover, others only skip to the section or region that is of direct interest to them. Therefore, you may notice that we repeat some of our definitions and explanations several times since the reader who only looks at a given section won’t know the definition or explanation that we might have already mentioned elsewhere. Please overlook this necessary (but possibly distracting) element.