In what might serve as a wake-up call for businesses to take immediate action to strengthen their cybersecurity posture and mitigate the risks posed by evolving cyber threats, Verizon Business recently released its 2025 Data Breach Investigations Report (DBIR). The report revealed that third-party involvement in breaches doubled to 30% and that exploitation of vulnerabilities surged by 34%, marking a significant increase in cyberattacks.
The report, which analyzed over 22,000 security incidents, including 12,195 confirmed data breaches, found that credential abuse (22%) and exploitation of vulnerabilities (20%) continue to be the leading initial attack vectors, highlighting the critical need for enhanced security measures.
“The DBIR’s findings underscore the importance of a multi-layered defense strategy,” Chris Novak, vice president, Global Cybersecurity Solutions, Verizon Business, said. “Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees.”
Key findings from the report emphasize the urgency for businesses to address cybersecurity threats:
- Exploitation of Vulnerabilities
- Ransomware
- Third-Party Involvement
- Human Element
The 2025 DBIR also shed light on industry-specific trends, revealing an alarming rise in espionage-motivated attacks in the manufacturing and health care sectors, and persistent threats to the education, financial and retail industries.
The report also highlighted the disproportionate impact of ransomware on small and medium-sized businesses (SMBs).
The median ransom payment to cybercriminals last year was US$115,000, a significant amount for many SMBs. By adopting a proactive and comprehensive approach to cybersecurity, businesses can help safeguard their assets, protect their customers, and ensure their long-term success in an increasingly digital world.
“This year’s DBIR findings reflect a mixed bag of results. Glass-half-full types can celebrate the rise in the number of victim organizations that did not pay ransoms with 64% not paying vs 50% two years ago. The glass-half-empty personas will see in the DBIR that organizations that don’t have the proper IT and cybersecurity maturity — often the SMB-sized organizations, are paying the price for their size with ransomware being present in 88% of breaches,” Craig Robinson, research vice president, Security Services at IDC, said. “While there is no magic pill to swallow that will alleviate the pain of cybersecurity attacks, Verizon’s leadership in educating the public on the types of attacker motives, tactics and techniques is a key head start in raising global awareness and cyber readiness.”