Is Your Business Prepared for Today’s Cybersecurity Threats?
Verizon has released its 18th annual Data Breach Investigations Report (DBIR), analyzing 22,052 security incidents, including 12,195 confirmed data breaches[1]. This comprehensive analysis reveals critical trends that every business should understand to better protect their data and operations.
What keeps other CEOs up at night? Read on to discover the most pressing cybersecurity threats of 2025.
You can download the full 2025 DBIR report from Verizon’s website.
Third-Party Risk Reaches New Heights
Perhaps the most alarming finding is the dramatic increase in third-party involvement in breaches. The report shows that third parties were involved in 30% of all analyzed breaches, doubling from approximately 15% last year[2].
Ask yourself: How many vendors have access to your sensitive data right now? Are you confident in their security practices?
Let’s look at some of the major incidents that happened this year:
The Snowflake incident shows just how bad things can get. Hackers got in using stolen passwords because MFA wasn’t required (yikes!). They then built specialized tools just to find, exploit, and steal data from Snowflake accounts. About 165 organizations were hit, and roughly 80% of those compromised accounts had their credentials exposed somewhere else before the attack[3].
We also saw major breaches at CDK Global, Blue Yonder, and Change Healthcare. These didn’t just expose millions of records – they caused serious downtime for businesses in healthcare, retail, and food service industries[4]. Imagine your business grinding to a halt because a vendor got breached!
Vulnerability Exploitation on the Rise
Exploitation of vulnerabilities has grown significantly as an initial access vector for breaches, reaching 20% - a 34% increase from last year[5]. This brings it closer to credential abuse, which remains the most common vector at 22%. The growth was partly driven by zero-day exploits targeting edge devices and virtual private networks (VPNs).
The percentage of edge devices and VPNs as targets in vulnerability exploitation actions was 22%, an eight-fold increase from the 3% found in last year’s report[6]. Organizations worked diligently to patch these vulnerabilities, but only about 54% were fully remediated throughout the year, with a median remediation time of 32 days[7].
Most concerning is the speed at which vulnerabilities are being exploited. The median time for a CISA KEV vulnerability to be mass exploited was five days, but for edge device vulnerabilities, that median dropped to zero - 9 of 17 studied vulnerabilities were published on the KEV list the day of or earlier than their CVE publication[8].
Think about it: Could your organization patch critical vulnerabilities within 24 hours if necessary? What’s your contingency plan if you can’t?
Ransomware: Still Growing, But With Some Good News
Ransomware (with or without encryption) saw a significant 37% increase from last year, present in 44% of all analyzed breaches, up from 32%[9]. However, there is a silver lining: the median amount paid to ransomware groups has decreased to $115,000 (from $150,000 last year), and 64% of victim organizations did not pay ransoms, up from 50% two years ago[10].
Small organizations are disproportionately affected by ransomware. While ransomware is a component in 39% of breaches at larger organizations, small and medium-sized businesses experienced ransomware-related breaches at a staggering rate of 88% overall[11].
Have you tested your ransomware response plan lately? Or would your team be making critical decisions under extreme pressure for the first time?
The Human Element Remains Critical
While the involvement of the human element in breaches remained steady at around 60%, this continues to be a significant factor in security incidents[12]. Social Engineering remains a top pattern, with Phishing and Pretexting as the main techniques used to con employees.
As defenders improve through training and hardening user accounts, attackers are adapting their techniques. New threats like “Prompt bombing” have emerged, where users are bombarded with MFA login requests in hopes they will approve one just to make them stop[13].
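One way a security team can detect the prompt-bombing pattern described above, shown as an added example that comes neither from the DBIR nor from this post. The log format, the event names (`push_denied`, `push_timeout`, `push_approved`), the 10-minute window and the threshold of five prompts are assumptions to be adapted to your identity provider's audit log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed count of denied/ignored prompts

# Constructed sample log (hypothetical format: timestamp user result).
SAMPLE_LOG = """\
2025-05-01T09:00:00 alice push_approved
2025-05-01T02:10:00 bob push_denied
2025-05-01T02:10:40 bob push_timeout
2025-05-01T02:11:15 bob push_denied
2025-05-01T02:12:05 bob push_timeout
2025-05-01T02:12:50 bob push_denied
2025-05-01T02:13:30 bob push_approved
2025-05-01T08:00:00 carol push_denied
2025-05-01T13:00:00 carol push_denied
2025-05-01T13:00:30 carol push_approved
"""

def detect_prompt_bombing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return a list of (timestamp, user, alert) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        events.append((datetime.fromisoformat(ts), user, result))
    events.sort()  # logs merged from several sources may be out of order

    recent = defaultdict(deque)   # user -> times of denied/ignored prompts
    flagged = set()               # users already alerted for the current burst
    alerts = []
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()           # drop prompts that aged out of the window
        if len(q) < threshold:
            flagged.discard(user)  # burst is over; allow a fresh alert later
        if result in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) >= threshold and user not in flagged:
                flagged.add(user)
                alerts.append((ts.isoformat(), user, "prompt_flood"))
        elif result == "push_approved":
            if len(q) >= threshold:   # approval right after a flood: escalate
                alerts.append((ts.isoformat(), user, "approved_after_flood"))
            q.clear()
    return alerts
```

An `approved_after_flood` alert is the one to treat as a likely account takeover: revoke the session and reset the credential, since the prompts only appear when the password is already known to the attacker.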
There is compelling evidence that security training works: Organizations with recent phishing training saw employees report phishing emails at a significantly higher rate - about 21% compared to a base rate of 5%, representing a four-fold increase[14].
What was the last security training your leadership team completed? Would your executives recognize today’s sophisticated phishing attempts?
Emerging AI Threats and Risks
Despite concerns about how generative AI would transform the threat landscape, its impact remains limited so far. However, data shows a measurable increase in malicious AI-written emails, which have doubled (from around 5% to 10%) over the past two years[15].
A more immediate AI risk comes from corporate data leakage to generative AI platforms. The report found that 15% of employees were routinely accessing GenAI systems on their corporate devices (at least once every 15 days). Even more concerning, a large number of those were either using non-corporate emails as identifiers (72%) or using their corporate emails without integrated authentication systems (17%), suggesting use outside of corporate policy[16].
How many of your employees are pasting confidential information into ChatGPT right now? Do you have policies in place to prevent it?
Espionage on the Rise
The report shows significant growth in Espionage-motivated breaches, now at 17%[17]. This rise was partially due to changes in the report’s contributor makeup, but also reflects real-world increases in such activities. These breaches leveraged the exploitation of vulnerabilities as an initial access vector 70% of the time[18].
Interestingly, state-sponsored actors weren’t solely focused on espionage - approximately 28% of incidents involving these actors had a Financial motive[19], possibly indicating that threat actors are “double-dipping” to pad their compensation.
What intellectual property in your organization would be valuable to competitors or nation-states? Have you identified your crown jewels and protected them accordingly?
Credential Theft and Exposure
The report delves into the infostealer malware ecosystem that harvests credentials. Analysis of infostealer malware credential logs revealed that 30% of compromised systems can be identified as enterprise-licensed devices. However, 46% of compromised systems that had corporate logins were non-managed devices hosting both personal and business credentials - likely attributable to BYOD programs or enterprise-owned devices being used outside permissible policy[20].
By correlating infostealer logs with victims disclosed by ransomware actors, researchers found that 54% of ransomware victims had their domains appear in credential dumps, and 40% had corporate email addresses in compromised credentials. This suggests these credentials could have been leveraged for ransomware breaches, pointing to access broker involvement[21].
When was the last time you checked if your organization’s credentials were for sale on the dark web? Could compromised credentials be your biggest vulnerability?
Recommendations for Organizations
Based on the findings in the report, consider implementing these five critical security measures:
Improve third-party risk management: Make security outcomes from vendors an important component in the procurement process and have plans for addressing repeat offenders. Implement comprehensive network segmentation and access control for vendors connecting to your environment[22].
Enhance credential security: Make MFA mandatory, not optional; scrutinize logins (especially through conditional access policies); encourage passphrases over complex passwords; and deploy OS hardening for endpoint systems and domain controllers[23].
Prioritize vulnerability management: Understand your exposure to the internet and prioritize patching devices that must connect to the outside world, especially edge devices[24].
Implement security awareness training: Focus on reporting suspicious activity rather than just avoiding clicks. The data shows that continuous training significantly improves reporting rates even when click rates plateau[25].
Develop GenAI governance: Control and monitor GenAI usage on corporate devices to prevent sensitive data leakage[26].
Taking Action: Your Next Steps
The 2025 DBIR reveals that cybersecurity threats continue to evolve in sophistication and impact. Rather than viewing these findings as overwhelming, consider them a roadmap for prioritizing your security investments.
What one security improvement would make the biggest difference to your organization today? Share your thoughts in the comments below or connect with me to discuss how these findings apply to your specific industry context.
Remember: Security is not just an IT issue—it’s a business imperative that requires leadership attention and strategic investment.
[1] Verizon, “2025 Data Breach Investigations Report,” p. 5.
[2] Verizon, “2025 Data Breach Investigations Report,” p. 15.
[3] Verizon, “2025 Data Breach Investigations Report,” p. 16.
[4] Verizon, “2025 Data Breach Investigations Report,” p. 18.
[5] Verizon, “2025 Data Breach Investigations Report,” p. 20.
[6] Verizon, “2025 Data Breach Investigations Report,” p. 21.
[7] Verizon, “2025 Data Breach Investigations Report,” p. 29.
[8] Verizon, “2025 Data Breach Investigations Report,” p. 31.
[9] Verizon, “2025 Data Breach Investigations Report,” p. 10.
[10] Verizon, “2025 Data Breach Investigations Report,” p. 41.
[11] Verizon, “2025 Data Breach Investigations Report,” p. 86.
[12] Verizon, “2025 Data Breach Investigations Report,” p. 19.
[13] Verizon, “2025 Data Breach Investigations Report,” p. 47.
[14] Verizon, “2025 Data Breach Investigations Report,” p. 49.
[15] Verizon, “2025 Data Breach Investigations Report,” p. 24.
[16] Verizon, “2025 Data Breach Investigations Report,” p. 25.
[17] Verizon, “2025 Data Breach Investigations Report,” p. 11.
[18] Verizon, “2025 Data Breach Investigations Report,” p. 42.
[19] Verizon, “2025 Data Breach Investigations Report,” p. 23.
[20] Verizon, “2025 Data Breach Investigations Report,” p. 56.
[21] Verizon, “2025 Data Breach Investigations Report,” p. 57.
[22] Verizon, “2025 Data Breach Investigations Report,” p. 18.
[23] Verizon, “2025 Data Breach Investigations Report,” p. 59.
[24] Verizon, “2025 Data Breach Investigations Report,” p. 31.
[25] Verizon, “2025 Data Breach Investigations Report,” p. 49.
[26] Verizon, “2025 Data Breach Investigations Report,” p. 25.