-
Frequency
156 incidents, 69 with confirmed data disclosure
Top patterns
System Intrusion, Social Engineering, and Basic Web Application Attacks represent 90% of breaches
Threat actors
External (90%), Internal (10%) (breaches)
Actor motives
Financial (91%), Espionage (9%) (breaches)
Data compromised
Credentials (45%), Personal (45%), Payment (41%), Other (18%) (breaches)
Top IG1 protective controls
Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)
What is the same?
This industry continues to be targeted by financially motivated criminals going after payment and personal data.
Summary
Accommodation and Food Services, while having seen a decrease of System Intrusions since 2016, is still victimized by Malware via email and the Use of stolen credentials used against Web applications.
Accommodation and Food Services
NAICS 72
- 2022 DBIR
- Master Guide
- Introduction
- Summary of Findings
- Results and Analysis Intro
- Results and Analysis - Intro to Patterns
- Results and Analysis - Not the Human Element
- Results and Analysis - Basic Web Application Attacks
- Industries
- Intro to Industries
- Accommodation and Food Services Data Breaches
- Arts and Entertainment Data Breaches
- Data Breaches in Education
- Financial Services Data Security Breaches
- Healthcare Data Breaches
- Information Industry Data Breaches
- Data Breaches in Manufacturing Industries
- Data Breaches in Energy & Utilities Industries
- Professional Services Data Breaches
- Public Administration Data Breaches
- Retail Data Breaches and Security
- Small Business Data Breach Statistics
- Intro to Regions
- Wrap Up
- Appendices
- Corrections
- Download the full report (PDF)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
-
Patterns
5-Year difference
3-Year difference
System Intrusions
Less
Less
Social Engineering
Greater
No change
Basic Web Application Attacks
Greater
Greater
-
Pattern
Difference with peers
System Intrusion
No change
Social Engineering
No change
Basic Web Application Attacks
No change
-
The Accommodation and Food Services industry is one of the few industries that saw a drop in terms of System Intrusions. However, it shows similar trends to other industries in regard to Basic Web Application Attacks and Social Engineering. They have been on the increase over the last 5 years, and are now a bit closer to the same baseline for the types of attacks that the other industries are experiencing.
-
Figure 78 captures the top Action varieties found in this industry. This is one of the few industries that is extremely long tailed, with over 80% of the breaches including Actions not captured in the top five varieties. While that might seem imposing, keep in mind that the vectors are still the usual suspects found in the other industries: Email, Web apps and Desktop sharing software.
-
Looking back
In the 2012 DBIR, Accommodation and Food Services represented over 54% of our cases and has since dropped to less than 2% of our incidents. This represents both a total drop in cases but also a rather dramatic drop in incidents and may be representative of a larger shift in the criminal ecosystem to target and victimize not only the organizations with credit card data but any organization.
Let's get started.
Choose your country to view contact details.
- Select Country...
- Argentina
- Australia
- Austria
- Belgium
- Brazil
- Canada
- Chile
- China
- Colombia
- Costa Rica
- Denmark
- Finland
- France
- Germany
- Hong Kong
- India
- Ireland
- Italy
- Japan
- Korea
- Luxembourg
- Mexico
- Netherlands
- New Zealand
- Norway
- Panama
- Portugal
- Singapore
- Spain
- Sweden
- Switzerland
- Taiwan
- United Kingdom
- United States
- Venezuela
-
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.