by Panagiotis Sotiriou, Chief Technology Officer at ADACOM
With its data-driven insights from tens of thousands of events globally, Verizon's recently published 2025 Data Breach Investigations Report (DBIR) once more shapes cybersecurity strategy. This year’s insights show that human behavior remains at the center of breaches. The report’s results expose important changes in how breaches occur, where companies are most exposed, and what steps defenders must prioritize. Moreover, it reminds us of a timeless truth: cybersecurity isn’t just about technology; it's about people.
The Human Element: Still the Biggest Risk
The human factor, in general, remains critical: Verizon notes that roughly 60% of breaches involve a human element, like falling for phishing or using stolen credentials. According to the analysis, 32% of human element breaches stem from credential abuse, 23% are attributed to social engineering actions, and 14% come from interacting with malware. These findings highlight the need not only to invest in security awareness but also to give significant consideration to managing human risk.
Other key findings of the Verizon 2025 DBIR include:
Credential-Based Attacks Still Reign Supreme
Stolen credentials were involved in over 60% of breaches, making credential misuse the top method attackers used to gain access. Instead of sophisticated hacking, adversaries often “open the door” with compromised accounts. As the DBIR puts it, "Credential theft continues to be the key to the kingdom in the majority of breaches," emphasizing the need for multi-factor authentication (MFA) and better password management.
Vulnerability Exploits Overtake Phishing for Initial Access
Social engineering is still alive, as phishing was linked to nearly 25% of breaches analyzed. Half of users clicked phishing emails within the first hour, often within just 21 minutes, showing how critical employee security awareness remains and how quickly attackers can lure victims.
However, 2025 marked a turning point: for the first time, vulnerability exploitation outpaced phishing as an initial breach vector. There was a 34% year-over-year increase in attackers exploiting unpatched systems, especially internet-facing edge devices like VPNs and firewalls.
Ransomware’s Continued Dominance
Ransomware was featured in 44% of breaches, up significantly from 37% last year, with attackers increasingly targeting small to mid-size businesses. The median ransom payment has dropped, indicating a focus on volume over high payouts. Notably, 64% of victims chose not to succumb to ransom demands, showing the impact of improved backup and recovery strategies. Interestingly, even state-affiliated threat actors are now engaging in ransomware, indicating that the lines between espionage and cybercrime are blurring.
The Insider Threat Persists
Internal actors were responsible for 19% of breaches, mainly through human errors, negligence, or deliberate misuse. Interestingly, the EMEA (Europe/Middle East/Africa) region saw insider-driven breaches at what Verizon highlights as an “alarming rate” (29%), much higher than in North America and Asia.
Supply Chain Breaches Double
Breaches involving third-party vendors and partners accounted for 30% of incidents, double the previous year's figure. Compromises in the digital supply chain, including poisoned software updates and open-source vulnerabilities, have become a prime avenue for attackers. Verizon's data highlights that trust in the digital supply chain is a growing weak point. With nearly one in three breaches involving a partner or supplier, organizations must extend their security vigilance beyond their perimeter. Remember that your security is only as strong as your weakest partner.
Industry Sectors Most Impacted
No sector is immune to cyber threats, but the DBIR reveals industry-specific trends. Certain verticals were hit particularly hard or saw unique patterns in the past year. The manufacturing sector has seen a dramatic surge in espionage-driven breaches, with incidents rising from 3% to 20% as nation-states and corporate adversaries increasingly target intellectual property. In healthcare, the predominant risks stem from within: insider threats are responsible for frequent incidents such as leakage of sensitive information, unauthorized access to patient records, and ransomware attacks targeting hospital operations.
Financial institutions remain a major target due to their valuable data and assets. While they exhibit strong detection and response capabilities, phishing and credential theft remain their top threats, alongside risks from fintech partners. In the public sector, government institutions face a mix of DDoS attacks, ransomware, and espionage, with nation-state activity on the rise. Tight budgets and outdated infrastructure further complicate defence efforts.
Finally, the retail sector has experienced a shift in attacker focus, moving away from credit card theft to targeting e-commerce logins and customer information. Retailers saw a 15% increase in breach incidents, often through phishing and credential stuffing attacks.
Strategic Implications for Cybersecurity Leaders
Verizon’s 2025 DBIR call to action consists of the following:
- Prioritize Vulnerability Management: Organizations must patch critical vulnerabilities quickly, especially on exposed systems. Risk-based vulnerability management with the assistance of cybersecurity experts, prioritizing based on potential impact, is essential.
- Harden Identity and Access Management: With credential misuse rampant, MFA should be mandatory across all access points, especially for admins and remote users. Strong identity and access management (IAM) practices, Zero Trust models, and user behavior analytics will help detect anomalies early.
- Invest in Security Awareness: Since phishing remains a quick win for attackers, organizations must continuously train employees. Simulated phishing exercises and real-time coaching can dramatically reduce susceptibility.
- Strengthen Supply Chain Security: Vet third-party vendors thoroughly and demand security controls contractually. Limit third-party system access and monitor software dependencies for vulnerabilities or tampering.
- Build Ransomware Resilience: Assume ransomware attacks are inevitable. Ensure offline backups, tested recovery plans, and network segmentation to contain potential breaches. Incident response plans should cover communication, legal considerations, and law enforcement engagement.
- Monitor for Insider Threats: Implement robust access controls, regular audits, and insider threat detection programs. Encouraging a culture of security mindfulness can prevent many accidental breaches.
Turning Insights into Action
The 2025 Verizon DBIR shows that while cyber threats are evolving fast, attackers' primary strategy remains simple: whether they go for an unpatched firewall, an untrained employee, or a trusted vendor, they exploit human nature. Organizations must respond with a layered, adaptive cybersecurity strategy that addresses technical, human, and supply chain risks.
Technical controls are essential, but resilient cybersecurity starts with resilient people. Training, processes, vigilance, and a culture of shared responsibility are the best shields against breaches. ADACOM can help businesses navigate this complexity. From strengthening your defences through IAM best practices, vulnerability scans, awareness training and remediation, to preparing proactive strategies and incident response plans, ADACOM’s professionals ensure your cybersecurity readiness for today's and tomorrow's threats.
Don’t wait for a breach to be your wake-up call. Act now, stay resilient, and stay ahead.