2015 Data Breach Investigations Report


The 2015 Data Breach Investigations Report (DBIR) continues the tradition of change with additions that we hope will help paint the clearest picture yet of the threats, vulnerabilities, and actions that lead to security incidents, as well as how they impact organizations suffering them. In the new “Before and Beyond the Breach” section, our security data scientists analyzed (literally) dozens of terabytes of data from partners new and old, making this one of the most collaborative, data-driven information security (InfoSec) reports in existence. If you’re accustomed to reading the DBIR mainly for the headliners and one-liners, you might need to coffee up and put your thinking cap on for this one. But it’ll be worth it; we promise. Fret not, “Incident Pattern” aficionados—the nefarious nine are back, but they have slimmed down a bit, as you’ll see when you get to that section.

Speaking of partners, the DBiR would not be possible without our 70 contributing organizations. We continue to have a healthy mix of service providers, IR/forensic firms, international Computer Security information Response Teams (CSiRTs), and government agencies, but have added multiple partners from security industry verticals to take a look at a broad spectrum of real-world data. Their willingness to share data and actionable insight has made our report a hallmark of success in information sharing. For that, each of them has our respect and gratitude.

If you’re curious about what, how, and why we did what you see before you, flip to Appendix B, where we discuss sample bias, methodology, and other details of the research efforts making up the report. To further encourage readers to try this at home, we’ve included a “Where can i learn more?” component to each relevant section, which should help you start or grow your own data-
driven security practices.