The rising cost and increasing frequency of ransomware highlights the 16th annual release of Verizon Business’s Data Breach Investigations Report. The report also found that human error was a big cause of data breaches.

The report found that the median cost of ransomware doubled during the past two years to reach $26,000, with 95% of attacks costing between $1 and $2.25 million. Incidents are increasing as well: During the past two years there were more ransomware attacks than the previous five years combined. Ransomware attacks represented 24% of all breaches, the report said.

Mistakes by humans were a factor in 74% of all breaches. High on the list of this broad category is “social engineering phishing” exploits in which a hacker gets somebody within the organization to click on a malicious link.

“Senior leadership represents a growing cybersecurity threat for many organizations,” Chris Novak, the Managing Director of Cybersecurity Consulting at Verizon Business, said in a press release. “Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”

Other highlights from the report:

· Only 3% of threat actors were motivated by espionage. The other 97% were motivated by financial gain.

· 32% of yearly Log4j vulnerability scanning occurred in the first 30 days after its release..

· External actors leveraged a variety of different techniques to gain entry to an organization, such as using stolen credentials (49%), phishing (12%) and exploiting vulnerabilities (5%).

The report was based on an analysis of 16,312 security incidents and 5,199 breaches.