These attacks were primarily leveraged by ransomware and other extortion-related threat actors, and the main entry point was web applications, the report noted.

Analyzing the data also reveals a significant area of weakness among many organizations — bad actors are more quickly harnessing vulnerabilities than organizations can patch them. It takes organizations approximately 55 days to fix half of these vulnerabilities, while large-scale scanning for those same vulnerabilities by threat actors is happening within five days, Verizon found.

While many organizations have robust, mature vulnerability management and patching programs, complacency can be a danger when it comes to reviewing these elements of the cybersecurity posture.

“Going forward, they need to dust off those plans, relook at the strategies and even increase funding to elevate the level of risk and importance patching has,” said Le Busque.

2. Ransomware and extortion attacks continue to grow

Attacks involving ransomware or extortion have seen strong growth over the past year, accounting for a high of 32% of all breaches. Given the prevalence of ransomware attacks, it was a top threat across 92% of industries, and the average cost of attacks was also on the up.

“It suggests a refining and maturity of ransomware attacks because criminals are gaining a higher payout for the same effort,” Le Busque told CSO.