According to breach-pattern data, what kind of attack has become the dominant cause of breaches, and who is behind most of them?
"System Intrusion" — sophisticated, often multi-step technical attacks — has overtaken social engineering and basic web attacks; the overwhelming majority are external actors after money.
Verizon's annual Data Breach Investigations Report (DBIR) tracks the patterns behind real breaches over time. By 2023 the pattern called System Intrusion — complex, technical, frequently multi-stage attacks (think malware, exploited vulnerabilities, hacking chains) — had climbed to the top, overtaking Social Engineering and Basic Web Application Attacks, which had dominated in earlier years.
The actor and motive breakdown for system intrusions is strikingly lopsided:
| Dimension | Breakdown |
|---|---|
| Threat actors | External 96%, Internal 4% |
| Motive | Financial 97%, Espionage 3% |
Why this matters for a developer: the attackers hitting your software are overwhelmingly outsiders chasing money, and the leading breach pattern is technical intrusion — exactly the class of attack that hardened, well-written code makes harder and more expensive. This is the data-driven answer to "why bother writing secure code?"