Verizon’s 2025 DBIR Reveals Vulnerability Exploits Are Driving a Surge in Data Breaches

    April 23, 2025
    The latest Data Breach Investigations Report from Verizon highlights a 34% increase in the use of vulnerability exploitation as a breach entry point, underscoring the urgent need for proactive security patching and threat detection.
    Verizon Data Breach Investigations Report (DBIR)
    Exploitation of known vulnerabilities is on the rise, with the 2025 Verizon DBIR revealing a 34% increase in this tactic as an initial breach vector — now responsible for one in five data breaches.
    Exploitation of known vulnerabilities is on the rise, with the 2025 Verizon DBIR revealing a 34% increase in this tactic as an initial breach vector — now responsible for one in five data breaches.

    Verizon Business released its 2025 Data Breach Investigations Report (DBIR), which reveals a significant increase in cyberattacks. The report found that third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%, creating a concerning threat landscape for businesses globally.

    The report, which analyzed over 22,000 security incidents, including 12,195 confirmed data breaches, found that credential abuse (22%) and exploitation of vulnerabilities (20%) continue to be the leading initial attack vectors, highlighting the critical need for enhanced security measures.

    "The DBIR's findings underscore the importance of a multi-layered defense strategy," said Chris Novak, Vice President, Global Cybersecurity Solutions, Verizon Business. "Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees."

    Key findings from the report emphasize the urgency for businesses to address cybersecurity threats:

    • Exploitation of Vulnerabilities: This initial attack vector saw a 34% increase, with a significant focus on zero-day exploits targeting perimeter devices and VPNs
    • Ransomware: Ransomware attacks rose by 37% since last year, and are now present in 44% of breaches, despite a noticeable decrease in the median ransom amount paid
    • Third-Party Involvement: The percentage of breaches involving third parties doubled, highlighting the risks associated with supply chain and partner ecosystems
    • Human Element: Human involvement in breaches remains high, with a significant overlap between social engineering and credential abuse

    The 2025 DBIR also shed light on industry-specific trends, revealing an alarming rise in espionage-motivated attacks in the Manufacturing and Healthcare sectors, and persistent threats to the Education, Financial, and Retail industries. The report also highlighted the disproportionate impact of ransomware on small and medium-sized businesses (SMBs).

    Verizon Business's 2025 DBIR serves as a wake-up call for businesses to take immediate action to strengthen their cybersecurity posture and mitigate the risks posed by evolving cyber threats. With the median ransom payment to cybercriminals last year being US$115,000, this is a significant amount for many SMBs. By adopting a proactive and comprehensive approach to cybersecurity, businesses can help safeguard their assets, protect their customers, and ensure their long-term success in an increasingly digital world.

    Craig Robinson, Research Vice President of Security Services at IDC, said the DBIR findings are a "mixed bag." He pointed out that while it's encouraging to see more organizations refusing to pay ransoms — 64% compared to 50% two years ago — ransomware still plays a major role in breaches, particularly for SMBs lacking mature cybersecurity measures.

    “There is no magic pill to alleviate the pain of cybersecurity attacks,” he added, but praised Verizon’s efforts to raise global awareness through education on attacker motives, tactics, and techniques.

    Rethinking Ransomware Defense: Moving from Reaction to Prevention