A surge in global data breaches, and a significant increase in system intrusion breaches in EMEA (Europe-Middle East-Africa), are among the findings of the 2025 Data Breach Investigations Report (DBIR), by the telecoms firm Verizon Business.
The firm’s 18th annual report analysed over 22,000 security incidents, including 12,195 confirmed data breaches. It found third-party involvement doubling to 30 per cent in this year’s report and a 34pc rise in vulnerability exploitation globally. In EMEA, some 29pc of breaches originated from within the organisation, a contrast to APAC (Asia-Pacific), where only 1pc of threats are from internal actors, and North America, where internal threats account for 5pc of breaches.
What they say
Sanjiv Gossain, Group Vice President and Head of EMEA of Verizon Business, said: “The alarming rate of employee-driven breaches in EMEA underscores a critical need for businesses to strengthen their internal cybersecurity. Organisations must go beyond guarding against external threats and foster a culture of security awareness and accountability within. The surge in system intrusions across EMEA is a clear warning to organisations to urgently fortify both external defenses and internal controls through comprehensive employee training, robust access controls, and zero-trust frameworks.”
Globally
Globally, ransomware attacks rose by 37pc since last year, and are now present in 44pc of breaches, despite a noticeable decrease in the median ransom amount paid. The percentage of breaches involving third parties doubled, highlighting the risks associated with supply chain and partner ecosystems. In terms of sectors, worldwide, manufacturing has experienced a near sixfold surge in espionage-motivated breaches, jumping to 20pc from 3pc last year. Healthcare similarly faces rising espionage threats, while education and financial industries also continue to face persistent cybersecurity challenges. Retail has seen a 15pc increase in cyber incidents since 2024. There, attackers are pivoting away from payment card data toward easier targets, such as customer credentials, business plans, and reports.
For more, visit https://www.verizon.com/business/resources/reports/dbir/#2025DBIRNR.
Comments
Greg Linares, principal threat intelligence analyst at the cyber firm Huntress, said, “We’re seeing a distinct shift in how modern attackers breach enterprise environments, and one of the most consistent trends right now is the exploitation of edge devices. These devices, ranging from firewalls, zero-trust network devices, and VPN appliances to load balancers and IoT gateways, serve as the gateway between internal networks and the broader internet. Because they operate at this critical boundary, they often hold elevated privileges and have broad visibility into internal systems. Ironically, that centrality is precisely what makes them both indispensable and dangerously vulnerable.
“There are several reasons why edge devices have become such attractive targets. First, they tend to be poorly maintained. Many organisations adopt a ‘deploy and forget’ mentality; often these systems run outdated firmware, aren’t integrated into standard patching pipelines, and often escape the visibility of traditional security tooling or scanning. Vendor-side issues exacerbate this; many have poorly written software often containing vulnerabilities that were common in the early 2000s.”
The cyber firm Tenable contributed vulnerability data to the report and worked with Verizon to provide contextual data on the most prolific vulnerabilities of the last year. Scott Caveza, senior staff research engineer at Tenable, said: “The number of new vulnerabilities disclosed continues to increase sharply, giving cyber defenders a never-ending ‘to-do list.’ Generally, the most critical vulnerabilities should be at the top of the list, especially for edge devices that serve as a metaphorical door into your environment. However, the context around vulnerabilities – where a given vulnerability exists in your environment, what data or systems are potentially at risk, ease of exploitation, the existence of a proof-of-concept, and so much more – drives informed prioritisation and remediation. The biggest, baddest vulnerability could be a non-issue in some circumstances depending on context.”



