Exploited vulnerabilities became the leading initial access vector in Verizon’s latest Data Breach Investigations Report, accounting for 31% of breaches as organizations struggled to patch CISA KEV flaws quickly enough. The report also found ransomware remained highly disruptive, representing 48% of breaches even as ransom payments declined and many victims refused to pay. #CISA #KEV #VerizonDBIR #Ransomware
Keypoints
- Exploited vulnerabilities were the top initial access vector in 2025 breaches.
- Only 26% of critical CISA KEV vulnerabilities were fully remediated.
- The median time to fully patch vulnerabilities increased to 43 days.
- Ransomware accounted for 48% of all breaches last year.
- Most breaches were financially motivated, with espionage making up the rest.
Read More: https://cyberscoop.com/verizon-data-breach-investigations-report-2026/