Verizon 2025 Report Reveals Sharp Increase in Third-Party Cyberattacks

Verizon Business today released its highly anticipated 2025 Data Breach Investigations Report (DBIR), painting a stark picture of the rapidly evolving threat landscape.

The report, based on analysis of over 22,000 security incidents-including 12,195 confirmed data breaches-reveals a dramatic escalation in both the scale and sophistication of cyberattacks, with a particular emphasis on the heightened risk posed by third-party actors and the exploitation of software vulnerabilities.

DBIR Data Shows Doubling of Third-Party Involvement

One of the most significant findings detailed in the 2025 DBIR is the doubling of breaches involving third-party entities, now accounting for 30% of all incidents analyzed.

This trend underscores the expanding attack surface created by interconnected supply chains, partner networks, and service providers.

Coupled with this, there has been a 34% surge in attacks exploiting vulnerabilities, with adversaries increasingly targeting perimeter devices and virtual private network (VPN) infrastructure through zero-day exploits.

These developments highlight a pressing need for organizations to reassess and strengthen their defenses against both direct and indirect cyber threats.

Credential abuse and exploitation of vulnerabilities continue to dominate as the primary initial attack vectors, representing 22% and 20% of breaches respectively.

These vectors remain popular among threat actors due to the prevalence of weak password practices, insufficient security awareness, and delays in patch management.

Ransomware attacks have surged by 37% over the past year, and are now observed in 44% of all breaches, posing a particular threat to small and medium-sized businesses (SMBs)-where ransomware was present in an alarming 88% of cases.

Despite the increase in attack frequency, the report notes a decline in the median ransom amount paid, which stood at US$115,000 last year.

This figure, nevertheless, constitutes a substantial financial burden for many organizations, particularly those with limited security resources.

Escalating Ransomware and Espionage Threats

The DBIR also highlights the pivotal role of the “human element” in cybersecurity incidents, with social engineering and credential abuse frequently intersecting.

Human error, negligence, and targeted manipulation remain persistent vulnerabilities that adversaries are quick to exploit.

The report further identifies industry-specific threats, with the Manufacturing and Healthcare sectors experiencing a pronounced uptick in cyber-espionage, while Education, Financial Services, and Retail remain consistent targets for a broad array of cybercriminal activity.

Commenting on the report’s implications, Chris Novak, Vice President, Global Cybersecurity Solutions at Verizon Business, emphasized the urgent necessity of a multi-layered defense approach.

“Businesses must invest in robust security controls, including strong password management, timely patching of vulnerabilities, and comprehensive employee security awareness training,” Novak said.

Craig Robinson, Research Vice President of Security Services at IDC, pointed out the mixed nature of this year’s findings, noting that while more organizations are resisting ransom payments, less mature firms-especially SMBs-continue to bear the brunt of escalating ransomware threats.

As digital transformation accelerates and threat actors grow more adaptive, organizations must proactively reinforce their cybersecurity posture, safeguard their digital assets, and foster a culture of security awareness to weather the intensifying barrage of cyber risks.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates

The post Verizon 2025 Report Reveals Sharp Increase in Third-Party Cyberattacks appeared first on Cyber Security News.