Verizon’s 2025 Data Breach Investigations Report: System Intrusion Breaches Double in EMEA

Rhea-AI Summary

Verizon Business has released its 2025 Data Breach Investigations Report (DBIR), revealing significant increases in global cybersecurity threats. The report analyzed over 22,000 security incidents, including 12,195 confirmed data breaches.

Key findings show system intrusion breaches in EMEA nearly doubled to 53%, while third-party involvement in breaches doubled to 30%. Vulnerability exploitation increased 34% globally. In EMEA, 29% of breaches originated internally, compared to just 1% in APAC and 5% in North America.

The report highlights concerning trends including:

• 37% increase in ransomware attacks, now present in 44% of breaches
• Manufacturing sector saw espionage-motivated breaches surge sixfold to 20%
• Retail experienced a 15% increase in cyber incidents since 2024
• 64% of organizations did not pay ransoms, up from 50% two years ago

Positive

• Higher percentage of organizations (64% vs 50%) refusing to pay ransoms shows improved resilience
• Decline in internal threats by 41% in EMEA region

Negative

• System intrusion breaches doubled to 53% in EMEA
• Ransomware attacks increased by 37% globally
• Third-party breach involvement doubled to 30%
• Vulnerability exploitation increased by 34% globally
• Manufacturing sector experienced 600% increase in espionage-motivated breaches
• Retail cyber incidents increased by 15% since 2024

LONDON, April 23, 2025 (GLOBE NEWSWIRE) -- Verizon Business today released its 2025 Data Breach Investigations Report (DBIR), revealing a dramatic surge in global data breaches, with EMEA experiencing a significant increase in system intrusion breaches. These breaches have skyrocketed, nearly doubling to 53% of breaches in the region in just one year.

The 2025 DBIR, which analysed over 22,000 security incidents, including 12,195 confirmed data breaches, found third-party involvement doubling to 30% in this year's report and a 34% surge in vulnerability exploitation globally. In EMEA, nearly a third (29%) of breaches originated from within the organisation, a stark contrast to APAC, where only 1% of threats are from internal actors, and North America, where internal threats account for just 5% of breaches. Although EMEA experienced the highest percentage of breaches caused by internal actors, the number of insiders decreased by 41% in 2025. This decline was due to a faster increase in other types of breaches.

“The alarming rate of employee-driven breaches in EMEA underscores a critical need for businesses to strengthen their internal cybersecurity. Organisations must go beyond guarding against external threats and foster a culture of security awareness and accountability within,” said Sanjiv Gossain, Group Vice President and Head of EMEA of Verizon Business. “The surge in system intrusions across EMEA is a clear warning to organisations to urgently fortify both external defenses and internal controls through comprehensive employee training, robust access controls, and zero-trust frameworks.”

Key EMEA Findings:

• System Intrusion Threats: System intrusion breaches surged to 53%, nearly double last year’s rate of 27%
• Insider Leaks: 29% of breaches originate from within EMEA organisations, with 19% attributed to unintentional mistakes and 8% involving misuse, such as unauthorised use of data that violates the organisation’s policies
• Social Engineering: The second-most common incident pattern in the region, with phishing appearing in 19% of breaches in EMEA
  

Key Global Findings:

• Exploitation of Vulnerabilities: This initial attack vector saw a 34% increase, with a significant focus on zero-day exploits targeting perimeter devices and VPNs
• Ransomware: Ransomware attacks rose by 37% since last year, and are now present in 44% of breaches, despite a noticeable decrease in the median ransom amount paid
• Third-Party Involvement: The percentage of breaches involving third parties doubled, highlighting the risks associated with supply chain and partner ecosystems
• Human Element: Human involvement in breaches remains high, with a significant overlap between social engineering and credential abuse

“The DBIR's findings underscore the importance of a multi-layered defense strategy,” said Chris Novak, Vice President, Global Cybersecurity Solutions, Verizon Business. “Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees.”

Sector Spotlight: Manufacturing Hit by Sixfold Surge in Espionage Attacks

The 2025 DBIR exposes alarming cybersecurity shifts targeting key industries worldwide. Manufacturing has experienced a dramatic, nearly sixfold surge in espionage-motivated breaches, jumping to 20% from just 3% last year. Healthcare similarly faces rising espionage threats, while Education and Financial industries also continue to battle persistent cybersecurity challenges.

Retail organisations have weathered a 15% increase in cyber incidents since 2024, with attackers now pivoting away from payment card data toward easier targets such as customer credentials, business plans, and reports.

This year's findings serve as a critical warning for businesses globally—including those in EMEA—to take immediate, decisive action. Organisations must strengthen their cybersecurity defenses against these evolving threats to protect vital assets, maintain customer trust, and ensure sustainable success in today's digital landscape.

“This year’s DBIR findings reflect a mixed bag of results. Glass-half-full types can celebrate the rise in the number of victim organisations that did not pay ransoms with 64% not paying vs 50% two years ago. The glass-half empty personas will see in the DBIR that organisations that don’t have the proper IT and cybersecurity maturity – often the SMB sized organisations, are paying the price for their size with ransomware being present in 88% of breaches,” said Craig Robinson, Research Vice President, Security Services at IDC. “While there is no magic pill to swallow that will alleviate the pain of cybersecurity attacks, Verizon’s leadership in educating the public on the types of attacker motives, tactics and techniques is a key head start in raising global awareness and cyber readiness.”

Visit our Cybersecurity Awareness page to learn more about data privacy and Verizon’s efforts.

About Verizon Business
Verizon Business is a global leader in providing communication and technology solutions to businesses of all sizes. With a comprehensive portfolio of services, including network, cloud, security, and collaboration solutions, Verizon Business helps organizations improve their operations, enhance their customer experiences, and drive innovation.

Verizon Communications Inc. (NYSE, Nasdaq: VZ) powers and empowers how its millions of customers live, work and play, delivering on their demand for mobility, reliable network connectivity and security. Headquartered in New York City, serving countries worldwide and nearly all of the Fortune 500, Verizon generated revenues of $134.8 billion in 2024. Verizon’s world-class team never stops innovating to meet customers where they are today and equip them for the needs of tomorrow. For more, visit verizon.com or find a retail location at verizon.com/stores.

VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at verizon.com/news. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.

Media contact:
Sebrina Kepple
sebrina.kepple@verizon.com  

FAQ

What are the key findings of Verizon's 2025 DBIR report for EMEA region?

EMEA saw system intrusion breaches double to 53%, with 29% of breaches originating internally. Social engineering was the second most common incident pattern, with phishing present in 19% of breaches.

How much did ransomware attacks increase in Verizon's 2025 security report?

Ransomware attacks increased by 37% compared to the previous year and were present in 44% of all breaches.

What percentage of organizations refused to pay ransoms according to VZ's 2025 report?

64% of victim organizations did not pay ransoms, an improvement from 50% two years ago.

How did manufacturing sector cyber espionage change in Verizon's 2025 report?

Manufacturing sector experienced a dramatic sixfold increase in espionage-motivated breaches, rising from 3% to 20%.

What is the status of third-party involvement in data breaches according to VZ's 2025 DBIR?

Third-party involvement in breaches doubled to 30%, highlighting increased risks in supply chain and partner ecosystems.