Verizon’s 2025 Data Breach Investigations Report: Alarming surge in cyberattacks through third-parties

Rhea-AI Summary

Verizon Business has released its 2025 Data Breach Investigations Report (DBIR), revealing alarming trends in cybersecurity threats. The analysis of 22,000 security incidents, including 12,195 confirmed breaches, shows that third-party involvement in breaches has doubled to 30%, while vulnerability exploitation increased by 34%.

Key findings include:

• Credential abuse (22%) and vulnerability exploitation (20%) are leading attack vectors
• Ransomware attacks increased 37%, present in 44% of breaches
• Median ransom payment was US$115,000
• 88% of SMB breaches involved ransomware

The report highlights increased espionage-motivated attacks in Manufacturing and Healthcare sectors, with persistent threats to Education, Financial, and Retail industries. Positively, 64% of organizations did not pay ransoms, up from 50% two years ago.

Positive

• More organizations refusing to pay ransoms (64% vs 50% two years ago)
• Comprehensive analysis of 22,000 security incidents provides valuable threat intelligence

Negative

• 37% increase in ransomware attacks, present in 44% of breaches
• Third-party breach involvement doubled to 30%
• 34% surge in vulnerability exploitation attacks
• SMBs disproportionately affected with ransomware in 88% of breaches
• High median ransom payment of $115,000 impacting business finances

BASKING RIDGE, N.J., April 23, 2025 (GLOBE NEWSWIRE) -- Verizon Business today released its 2025 Data Breach Investigations Report (DBIR), which reveals a significant increase in cyberattacks. The report found that third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%, creating a concerning threat landscape for businesses globally.

The report, which analyzed over 22,000 security incidents, including 12,195 confirmed data breaches, found that credential abuse (22%) and exploitation of vulnerabilities (20%) continue to be the leading initial attack vectors, highlighting the critical need for enhanced security measures.

"The DBIR's findings underscore the importance of a multi-layered defense strategy," said Chris Novak, Vice President, Global Cybersecurity Solutions, Verizon Business. "Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees."

Key findings from the report emphasize the urgency for businesses to address cybersecurity threats:

• Exploitation of Vulnerabilities: This initial attack vector saw a 34% increase, with a significant focus on zero-day exploits targeting perimeter devices and VPNs
• Ransomware: Ransomware attacks rose by 37% since last year, and are now present in 44% of breaches, despite a noticeable decrease in the median ransom amount paid
• Third-Party Involvement: The percentage of breaches involving third parties doubled, highlighting the risks associated with supply chain and partner ecosystems
• Human Element: Human involvement in breaches remains high, with a significant overlap between social engineering and credential abuse

The 2025 DBIR also shed light on industry-specific trends, revealing an alarming rise in espionage-motivated attacks in the Manufacturing and Healthcare sectors, and persistent threats to the Education, Financial, and Retail industries. The report also highlighted the disproportionate impact of ransomware on small and medium-sized businesses (SMBs).

Verizon Business's 2025 DBIR serves as a wake-up call for businesses to take immediate action to strengthen their cybersecurity posture and mitigate the risks posed by evolving cyber threats. With the median ransom payment to cybercriminals last year being US$115,000, this is a significant amount for many SMBs. By adopting a proactive and comprehensive approach to cybersecurity, businesses can help safeguard their assets, protect their customers, and ensure their long-term success in an increasingly digital world.

“This year’s DBIR findings reflect a mixed bag of results. Glass-half-full types can celebrate the rise in the number of victim organizations that did not pay ransoms with 64% not paying vs 50% two years ago. The glass-half empty personas will see in the DBIR that organizations that don’t have the proper IT and cybersecurity maturity – often the SMB sized organizations, are paying the price for their size with ransomware being present in 88% of breaches,” said Craig Robinson, Research Vice President, Security Services at IDC. “While there is no magic pill to swallow that will alleviate the pain of cybersecurity attacks, Verizon’s leadership in educating the public on the types of attacker motives, tactics and techniques is a key head start in raising global awareness and cyber readiness.”

To learn more about cybersecurity and actionable guidance to create a safer digital world visit our Cybersecurity Awareness page.

About Verizon Business
Verizon Business is a global leader in providing communication and technology solutions to businesses of all sizes. With a comprehensive portfolio of services, including network, cloud, security, and collaboration solutions, Verizon Business helps organizations improve their operations, enhance their customer experiences, and drive innovation.

Verizon Communications Inc. (NYSE, Nasdaq: VZ) powers and empowers how its millions of customers live, work and play, delivering on their demand for mobility, reliable network connectivity and security. Headquartered in New York City, serving countries worldwide and nearly all of the Fortune 500, Verizon generated revenues of $134.8 billion in 2024. Verizon’s world-class team never stops innovating to meet customers where they are today and equip them for the needs of tomorrow. For more, visit verizon.com or find a retail location at verizon.com/stores.

VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at verizon.com/news. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.

Media contact:
Carlos Arcila
carlos.arcila@verizon.com 

FAQ

What are the key findings of Verizon's 2025 DBIR report regarding ransomware attacks?

Ransomware attacks increased by 37% and were present in 44% of breaches, with SMBs particularly affected (88% of their breaches). The median ransom payment was $115,000.

How has third-party involvement in data breaches changed according to VZ's 2025 report?

Third-party involvement in breaches doubled to 30%, highlighting increased risks in supply chain and partner ecosystems.

What are the main initial attack vectors identified in Verizon's 2025 security report?

The main attack vectors are credential abuse (22%) and exploitation of vulnerabilities (20%), with vulnerability exploitation increasing by 34%.

Which industries are most targeted by espionage-motivated attacks according to VZ's 2025 DBIR?

Manufacturing and Healthcare sectors showed an alarming rise in espionage-motivated attacks, while Education, Financial, and Retail industries face persistent threats.

What percentage of organizations refused to pay ransoms according to Verizon's 2025 report?

64% of victim organizations did not pay ransoms, an improvement from 50% two years ago.