
The 2025 Verizon Data Breach Investigations Report (DBIR) has brought to light some important shifts in the cyber threat landscape that organizations need to pay attention to. The report, which analyzed 12,195 confirmed data breaches, reveals that the exploitation of vulnerabilities is becoming a major initial access point for attackers.
Vulnerability Exploitation on the Rise
A key finding of the 2025 DBIR is the significant growth in the exploitation of vulnerabilities as a way for attackers to initially breach systems. In fact, it has reached 20% of breaches, marking a 34% increase from the previous year. This is getting close to the frequency of credential abuse, which stands at 22%.
The report emphasizes the increasing risk associated with edge devices and VPNs, which now account for 22% of vulnerability exploitation targets. This is a huge jump from just 3% in 2024. Attackers are clearly targeting these vulnerable points to gain access to internal networks.
The Patching Time Gap
The DBIR highlights a critical issue: the time it takes organizations to patch edge device vulnerabilities. The median time to fully remediate these vulnerabilities was 32 days, while the median time for mass exploitation was zero days. This means attackers are often exploiting vulnerabilities as soon as they are known, leaving organizations in a highly vulnerable position.
Ransomware Trends
Ransomware continues to be a major threat: its presence in analyzed breaches grew by 37%, and it now appears in 44% of all breaches. Interestingly, while ransomware is on the rise, the median ransom payment has decreased to $115,000 from $150,000 the previous year. Also, more victims are refusing to pay ransoms, with 64% choosing not to pay compared to 50% two years ago.
The report also indicates that small organizations are disproportionately affected by ransomware. SMBs experienced ransomware in a staggering 88% of breach incidents, compared to 39% for larger organizations.
Third-Party Risks
The 2025 DBIR emphasizes the growing risk associated with third-party involvement in breaches, which has doubled to 30%. Credential reuse in third-party environments is a common issue. The report also found that the median time to remediate leaked secrets discovered in GitHub repositories was 94 days.
Espionage-motivated breaches have also increased significantly to 17%, with these attackers often exploiting vulnerabilities as an initial access method.
BYOD and GenAI
The report sheds light on risks related to non-managed devices and the use of Generative AI (GenAI) in corporate settings.
- 46% of compromised systems with corporate logins were non-managed devices, highlighting the risks of Bring Your Own Device (BYOD) policies.
- 15% of employees routinely access GenAI systems on corporate devices.
- Of those, 72% used non-corporate emails, and 17% used corporate emails without integrated authentication systems.
- The use of AI by threat actors is also on the rise, with the analysis indicating that “synthetically generated text in malicious emails has doubled over the past two years”.
Overall, the 2025 DBIR provides valuable insights into the current cyber threat landscape, highlighting the importance of vulnerability management, third-party risk mitigation, and addressing emerging threats like those associated with GenAI.