CIS Controls Featured as Recommended Defenses in Verizon's 2024 Data Breach Investigations Report


EAST GREENBUSH, N.Y.,  May 21, 2024 — The Center for Internet Security, Inc. (CIS®) is proud to announce that its CIS Critical Security Controls®(CIS Controls®) have been featured once again as recommended defenses against top threats in the  Verizon 2024 Data Breach Investigations Report (DBIR).

The 2024 Verizon DBIR provides a robust assessment of thousands of incidents worldwide, focusing on prevalent attack vectors and emerging trends in data breaches. Enterprises use the Verizon DBIR to inform and update their cybersecurity programs. As such, the DBIR points to the CIS Controls as mitigations to these pervasive attacks. The CIS Controls and supporting safeguards are a recognized set of globally acknowledged best practices for securing IT systems and data.

The CIS Controls offer a prioritized and actionable way to protect organizations against prevalent cyber threats. By incorporating the CIS Controls, Verizon continually emphasizes a proactive approach toward cybersecurity.  

“The DBIR provides valuable insights into the threat landscape, helping businesses around the globe mitigate risks and fortify defenses,” said Philippe Langlois, Lead Data Scientist for the Verizon DBIR. “By integrating the CIS Controls into our recommendations, we aim to provide easy-to-implement measures that can significantly enhance an organization's security posture.”

Verizon's DBIR provides an insightful perspective on data breaches, acting as a compass for organizations navigating through cybersecurity adversities. The report specifies that the CIS Controls offer organizations a tactical advantage in thwarting cyber threats. They defend against security breaches by providing proactive defense mechanisms designed to tackle potential risks before they can be exploited.

"The remarkable synergy between the CIS Controls and the Verizon DBIR is on full display in 2024, where they offer meaningful defensive actions toward improved cybersecurity," said Phyllis Lee, VP of Security Best Practices Content Development at CIS. "Together, they underscore the importance of adopting a data-driven approach to security decisions underpinned by practical actions articulated by the CIS Controls."

The release of the 2024 DBIR highlights Verizon’s commitment to leading-edge solutions that protect digital ecosystems. It reflects the business’ unwavering dedication to fostering a safer cyberspace by providing actionable knowledge that matters most – how to prevent data breaches from happening.

Join CIS and Verizon for a free webinar titled, “2024 Verizon DBIR Findings and how the CIS Critical Security Controls can Help to Mitigate Risk to Your Organization" on June 11, 2024 from 2:00–3:30 p.m. ET. The webinar will highlight the collaboration efforts between CIS and Verizon, key insights and findings from this year’s report, how to leverage the data from the 2024 report, and more.

Register for the webinar here.

For more information about the CIS Controls or its inclusion in the Verizon 2024 DBIR, contact [email protected].



About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices. To learn more, visit or follow us on X: @CISecurity.