Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

2020 Verizon DBIR Includes CIS Data and Mappings

CIS_DBIR-2020-Contributor_BadgeThe thirteenth Verizon Data Breach Investigations Report (DBIR) was released on May 19, 2020. Verizon may be most well-known for their leadership in telecoms, but they're also a leading provider of network cybersecurity services and solutions for organizations around the world. The DBIR is considered a must-read for both public and private organizations. The Center for Internet Security (CIS) has contributed best practice expertise to the DBIR again in 2020.

Data-based, Inclusive Approach

Verizon's partner-oriented approach to share data, analyze, and share results is perfectly consistent with the CIS “community-first” approach to cyber defense: shared problems require shared knowledge, leading to shared understanding and common solutions. CIS has been collaborating with Verizon and contributing to the DBIR since 2013. We're proud to have continued that participation for the 2020 report by providing expertise from our security best practice organization.

For the last 7 years, CIS has worked with Verizon to map the DBIR's summaries and patterns of attack to the CIS best practices, specifically the CIS Controls. This not only helps to improve the selection of controls covered, but also to help with the vital translation of attack information into positive, constructive action.

CIS Controls Section in the DBIR

For the first time, the 2020 Verizon DBIR integrated the CIS Controls throughout the report. For every sector, the Verizon DBIR lists relevant Controls in the "Top Controls" to show what mitigations are most effective against attacks for that sector. Additionally, there is a section dedicated to the CIS Controls that details the percentage of CIS Controls mapped to Verizon attack patterns. This close alignment with the CIS Controls emphasizes the importance of basic cyber hygiene, as outlined in CIS Controls Implementation Group 1, in preventing or mitigating the top 4 attacks and others outlined in the DBIR. This demonstrates the value of CIS Controls in helping organizations and sectors improve their cybersecurity programs.