Summary: The 2025 Verizon Data Breach Investigations Report reveals significant changes in the cyber threat landscape, notably a rise in vulnerability exploitation, which now accounts for 20% of breaches. Ransomware continues to be a major issue, particularly affecting small organizations, while third-party risks are also increasing. The report underscores the urgency of addressing vulnerabilities and mitigating risks associated with emerging technologies like Generative AI.
Affected: Organizations across multiple sectors
Keypoints :
- Exploitation of vulnerabilities has risen to 20% of breaches, up 34% from 2024.
- VPNs and edge devices are significant targets, now representing 22% of vulnerability exploitation.
- The median time to patch vulnerabilities is 32 days, while attackers exploit them immediately.
- Ransomware is present in 44% of breaches, with a decrease in median ransom payments.
- 30% of breaches involve third-party risks, with credential reuse being a common issue.
- 46% of compromised systems with corporate logins were non-managed devices.
- AI usage by threat actors is increasing, with doubled prevalence of malicious emails containing synthetically generated text.