This study is based on 914,547 security incidents, 234,638 of which turned out to be genuine security breaches with data leakage. Note the difference in definition between security incidents and breaches: breaches are confirmed incidents with data theft:

• Four main routes to corporate assets are favored by attackers: credentials, phishing, vulnerability exploitation and botnets;

This year, ransomware continued its upward trend with an increase of almost 13%. It's important to remember that ransomware is really just a model for monetizing an organization's access. Blocking the four key paths mentioned above blocks the most common ways ransomware invades your network;

Although it seems to be stabilizing year on year, thanks in particular to awareness-raising efforts, error remains a dominant trend and is responsible for 13% of intrusions. This year, 82% of breaches involved the human element. Be it the use of stolen credentials, phishing, abuse or simply human error.

Since October 2022, the PA DSS program published by the PCI SSS (Payment Card Industry Data Security Standard) has been replaced by the PCI SSF (Software Security Framework) program, comprising two standards: (i) the PCI SLC (Software Life Cycle) for entities wishing to demonstrate their ability to deploy secure development, and (ii) the PCI SSS (Software Secure Standard) for payment solutions requiring certification. This standard aims to ensure that payment software is designed, developed and maintained to protect payment transactions and data, minimize vulnerabilities and defend against attacks.  

‍