Verizon 2025 Report Reveals Surge in Third-Party Cyberattacks

Cyberattacks on the Rise: Verizon’s 2025 DBIR Reveals Alarming Trends

Cyberattacks are escalating at a concerning rate, according to the newly released 2025 Data Breach Investigations Report (DBIR) from Verizon Business. The report reveals a dramatic increase in third-party involvement in breaches—doubling to 30%—and a 34% surge in the exploitation of vulnerabilities, highlighting the growing cybersecurity challenges businesses face globally.

The comprehensive analysis examined over 22,000 security incidents, including 12,195 confirmed data breaches. Credential misuse (22%) and vulnerability exploitation (20%) remain the most common initial attack methods, emphasizing the critical need for stronger cybersecurity defenses.

“This year’s DBIR underscores the importance of a layered defense strategy,” said Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon Business. “Organizations must prioritize robust security protocols, including enforcing strong password policies, patching vulnerabilities promptly, and investing in employee cybersecurity training.”

Key Findings from the 2025 DBIR:

– Vulnerability Exploitation: This attack vector rose by 34%, with a particular focus on zero-day vulnerabilities targeting VPNs and edge devices.
– Third-Party Breaches: Incidents involving partners and supply chain entities doubled, exposing the risks associated with interconnected ecosystems.
– Ransomware Surge: Ransomware attacks climbed by 37%, now implicated in 44% of breaches, despite a drop in the median ransom payment.
– Human Factor: Human error continues to play a central role in breaches, particularly through social engineering and credential misuse.

The report also breaks down industry-specific threats, revealing ongoing risks in sectors such as Education, Financial Services, and Retail. Worryingly, espionage-related breaches are on the rise in Manufacturing and Healthcare. Small and medium-sized businesses (SMBs) are especially vulnerable to ransomware attacks, bearing the brunt of financial and operational impacts.

The report notes that the median ransom payment stands at $115,000—a significant burden for many SMBs. Verizon Business urges organizations to take immediate action to strengthen their cybersecurity posture in the face of evolving threats.

“This year’s DBIR paints a mixed picture,” said Craig Robinson, Research Vice President for Security Services at IDC. “On the positive side, the percentage of organizations refusing to pay ransoms has increased from 50% to 64% over the past two years. However, the data also shows that SMBs, often lacking mature IT and cybersecurity infrastructure, are disproportionately affected—ransomware accounts for 88% of their breaches.”

Robinson emphasized the importance of education and awareness, noting that while there’s no silver bullet for cybersecurity, Verizon’s efforts to shed light on attacker motivations and tactics are vital to improving global cyber resilience.

As cyber threats continue to evolve, the 2025 DBIR serves as a wake-up call for businesses of all sizes to adopt a proactive, multi-faceted approach to cybersecurity—protecting their data, customers, and long-term viability in an increasingly digital world.