In the past week, Verizon released its 2025 Data Breach Investigation Report (DBIR), curated using data obtained from numerous partners. Already the 18th annual edition, the latest report once again underscores that highly effective technical safeguards against phishing, pretexting and business email compromise (BEC) have long been essential for organizations.
For the 2025 DBIR, 22,052 security incidents at organizations of all kinds and sizes were analyzed, of which 12,915 were confirmed data breaches (defined as an event resulting in the confirmed disclosure of data to an unauthorized party). According to Verizon, this is the largest number of data breaches ever to be analyzed in a single report.
The exploitation of vulnerabilities grew to 20 percent, becoming the second most common initial vector of attack – hot on the heels of credential abuse at 22 percent. This represents an increase of 34 percent over the previous year, boosted in part by zero-day exploits targeting edge devices and virtual private networks (VPNs). Users were often unable to apply patches rapidly enough.
Ransomware, with or without encryption, also rose significantly (by 37 percent) and was present in 44 percent of all breaches reviewed, compared with 32 percent the previous year. One good development, however, is a decline in the median ransom paid from US$150,000 in the previous year to US$115,000. What’s more, 64 percent of the victim organizations chose not to pay the ransom, up from 50 percent just two years ago. SMBs were disproportionately impacted by ransomware attacks with 88 percent of their breaches involving ransomware, while at larger organizations ransomware played a part in 39 percent of breaches.
The number of data breaches in which the human factor was instrumental remained roughly the same as the previous year at 60 percent. The proportion of data breaches involving a third party (including software vulnerabilities) doubled from 15 to 30 percent. The authors pinpointed espionage as the motivation for 17 percent of the data breaches under review. This is ascribed, in part, to changes in the makeup of the report’s data contributors.
When it comes to social engineering, the incidents included in the report continued to be dominated by phishing (57 percent) and pretexting (30 percent). A relative newcomer in this segment is prompt bombing (14 percent), in which the victim is flooded with MFA login requests (multi-factor authentication).
AI and especially its generative variety (GenAI) has yet to assume a significant role as an attack vector. According to data provided by one of Verizon’s partners, the incidence of synthetically generated text in malicious emails has nevertheless doubled over the past two years. The authors identify the leakage of data to the GenAI platforms themselves as a more tangible threat. More than 15 percent of employees regularly access GenAI systems using company devices, often using private email addresses to identify their accounts or without using integrated authentication (shadow IT).
Those interested in cybersecurity will find the Data Breach Investigation Report worth reading in full – DBIR 2025 can be read online or downloaded for free after registering with Verizon.
