6 Key Insights from the Verizon Data Breach Investigations Report 2025
May 16, 2025
Explore the key findings of the 2025 Verizon Data Breach Investigations Report and understand emerging cybercrime trends.

The 2025 Verizon Data Breach Investigations Report (DBIR) introduces several notable shifts and emerging trends compared to previous years. Below are the 6 most significant and novel changes highlighted in this year’s report:

  1. System intrusion, encompassing multi-step attacks involving hacking, malware, and ransomware, surged from 36% in 2024 to 53% in 2025, becoming the leading breach pattern. This trend indicates that attackers are increasingly orchestrating complex campaigns rather than relying on simpler methods. 
  2. Third-party involvement in breaches has doubled, rising from 15% to 30%, highlighting the growing systemic risk from partner ecosystems and supply chains. This underscores the fragile nature of modern interconnected business environments and the blurred lines of accountability in data breaches.  
  3. Exploitation of vulnerabilities, particularly zero-day exploits targeting edge devices and VPNs, has skyrocketed by 34%. The number of edge and VPN flaws increased eightfold, with only 54% being patched and a median fix time of 32 days. 
  4. Ransomware remains prevalent, present in 44% of breaches in 2025—a 37% increase from the previous year—although the median ransom payment fell to $115,000, and 64% of victims refused to pay. Small and medium-sized businesses (SMBs) were especially hard-hit, with ransomware implicated in 88% of their breaches.  
  5. Stolen credentials and infostealers have become primary entry points for attackers, with credential abuse accounting for 22% of breaches and infostealers compromising 30% of corporate and 46% of unmanaged devices. Secrets leakage and credential reuse are persistent issues, particularly among developers and operations teams. 
  6. Human error contributed to 60% of breaches, although user reporting increased fourfold following training. Social engineering continues to be a critical challenge, accounting for 17% of attacks, demonstrating ongoing issues with phishing and user-targeted tactics. Espionage-motivated breaches surged by 163%, now representing 17% of incidents, with notable increases in the manufacturing and healthcare sectors. The introduction of generative AI tools has exposed new risks, with 15% of staff accessing these tools and 72% using personal email accounts, raising concerns about data sprawl and weak governance. Business Email Compromise (BEC) losses climbed to $6.3 billion, with a median loss of $50,000 per incident. 

These key shifts in the 2025 Verizon DBIR underscore the evolving nature of cyber threats and the importance of adaptive security measures. 

Summary Table: Key Shifts in Verizon Data Breach Investigations Report 2025

| Change/Trend | 2024 Value | 2025 Value | Notable Impact/Observation |
|---|---|---|---|
| System Intrusion Breach Pattern | 36% | 53% | Now the dominant breach type |
| Third-Party Involvement | 15% | 30% | Supply chain risk doubled |
| Ransomware Presence in Breaches | 32% | 44% | Higher prevalence, lower median payout |
| Vulnerability Exploitation | N/A | +34% | Focus on edge/VPN devices, patching lag |
| Espionage-Related Breaches | N/A | +163% | Major increase, esp. in manufacturing/health |
| Human Error Contribution | N/A | 60% | Still a leading factor |

Conclusion

The 2025 Verizon Data Breach Investigations Report shows a significant increase in system intrusions, a doubling of third-party involvement in breaches, and increased exploitation of vulnerabilities, particularly at the edge. Ransomware remains prevalent, but ransom payments and victim responses are changing.

The combination of infostealers, credential abuse, and unsanctioned AI usage has added complexity to the threat landscape. These developments highlight the need for organizations to reassess their security frameworks, focus on supply chain and vulnerability management, and invest in comprehensive user training and governance.