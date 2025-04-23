Verizon

– Craig Robinson, Research Vice President, Security Services at IDC, April 2025





Recommended Stories

Verizon

Verizon

One of the more concerning trends? Breaches involving third parties have doubled, jumping from 15% to 30%. This throws a spotlight on the dangers lurking in supply chains and partner networks. Human error is still a major player, too, with around 60% of breaches involving people in some way – social engineering and credential abuse are the usual suspects.There were also a few standout cases involving credential reuse in third-party environments. One stat that really pops: when secrets were leaked on GitHub, it took a median of 94 days to fix the issue.also found that 30% of compromised systems tied to info-stealer malware were clearly company-owned, but nearly half of them weren't managed properly and contained both personal and work logins. That is a big red flag, especially in BYOD setups or when employees stretch company policies.​​Espionage-motivated breaches are creeping up, too, now making up 17% of all cases. But here is the twist – about 28% of incidents tied to state-sponsored groups weren't about spying at all but were financially motivated.And, of course, AI is starting to show up in the mix. While generative AI hasn't taken over the world (yet), threat actors are already using it. One of's partners noted that AI-generated content in malicious emails has doubled in the last two years.