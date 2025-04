Verizon

– Chris Novak, Vice President, Global Cybersecurity Solutions, Verizon Business, April 2025

The key takeaways from Verizon 's 117-page Data Breach Investigations Report? Things are getting worse on pretty much every front. For starters, there has been a 34% spike in attacks that exploit system vulnerabilities – zero-day exploits are especially on the rise, hitting perimeter hardware and VPNs hard. Ransomware isn't slowing down either, now showing up in 44% of breaches – up 37% from last year – even though the average payout actually dropped.



Receive the latest Verizon news Subscribe By subscribing you agree to our terms and conditions and privacy policy The key takeaways from's 117-page Data Breach Investigations Report? Things are getting worse on pretty much every front. For starters, there has been a 34% spike in attacks that exploit system vulnerabilities – zero-day exploits are especially on the rise, hitting perimeter hardware and VPNs hard. Ransomware isn't slowing down either, now showing up in 44% of breaches – up 37% from last year – even though the average payout actually dropped.

– Craig Robinson, Research Vice President, Security Services at IDC, April 2025

One of the more concerning trends? Breaches involving third parties have doubled, jumping from 15% to 30%. This throws a spotlight on the dangers lurking in supply chains and partner networks. Human error is still a major player, too, with around 60% of breaches involving people in some way – social engineering and credential abuse are the usual suspects.



Recommended Stories There were also a few standout cases involving credential reuse in third-party environments. One stat that really pops: when secrets were leaked on GitHub, it took a median of 94 days to fix the issue. Verizon also found that 30% of compromised systems tied to info-stealer malware were clearly company-owned, but nearly half of them weren't managed properly and contained both personal and work logins. That is a big red flag, especially in BYOD setups or when employees stretch company policies.



​​Espionage-motivated breaches are creeping up, too, now making up 17% of all cases. But here is the twist – about 28% of incidents tied to state-sponsored groups weren't about spying at all but were financially motivated.



And, of course, AI is starting to show up in the mix. While generative AI hasn't taken over the world (yet), threat actors are already using it. One of Verizon 's partners noted that AI-generated content in malicious emails has doubled in the last two years. One of the more concerning trends? Breaches involving third parties have doubled, jumping from 15% to 30%. This throws a spotlight on the dangers lurking in supply chains and partner networks. Human error is still a major player, too, with around 60% of breaches involving people in some way – social engineering and credential abuse are the usual suspects.There were also a few standout cases involving credential reuse in third-party environments. One stat that really pops: when secrets were leaked on GitHub, it took a median of 94 days to fix the issue.also found that 30% of compromised systems tied to info-stealer malware were clearly company-owned, but nearly half of them weren't managed properly and contained both personal and work logins. That is a big red flag, especially in BYOD setups or when employees stretch company policies.​​Espionage-motivated breaches are creeping up, too, now making up 17% of all cases. But here is the twist – about 28% of incidents tied to state-sponsored groups weren't about spying at all but were financially motivated.And, of course, AI is starting to show up in the mix. While generative AI hasn't taken over the world (yet), threat actors are already using it. One of's partners noted that AI-generated content in malicious emails has doubled in the last two years.





After Verizon 's Q1 earnings report , the US's largest mobile carrier followed up with another eye-opening update on online security and the outlook isn't looking great.has just dropped its annual Data Breach Investigations Report and this year, it has gone all out with data collection. The company has analyzed over 12,000 confirmed breaches, providing deep insights into trends like ransomware attacks and espionage-driven breaches.