Cyber criminals continue to rely on familiar attack patterns such as phishing and ransomware, according to the latest Verizon Data Breach Investigations Report.

Among the global survey’s findings: 89% of attacks last year involved financial or espionage motivations; 85% exploited known vulnerabilities that have not been rectified; and 63% of confirmed data breaches involved using weak, default or stolen passwords.

Communications giant Verizon says understanding the “threat landscape” is the first step to addressing the issue.

Phishing – in which users receive an email from a fraudulent source – continued to prove an effective technique for cyber criminals.

Some 30% of phishing messages were opened (up from 23% in 2014), and in 13% of these cases malicious attachments or links were opened, causing malware to drop.

Human error was the leading cause of security incidents last year, with 26% of cases in this category involving sending sensitive information to the wrong person. Other errors in the category include improper disposal of company information, misconfiguration of IT systems and lost and stolen assets such as laptops and smartphones.

“You might say our findings boil down to one common theme: the human element,” Verizon Executive Director of Global Security Services Bryan Sartin said. “Despite advances in information security research and cyber-detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now.”

The global report includes contributions from the Australian Federal Police.