Data Breach Investigations Report – DBIR – 2025

Executive Summary

Introduction

Welcome to the 2025 Verizon DBIR. This 18th edition of our annual report on data compromises offers a detailed overview of cybercrime, with valuable insights into specific threats, attacker profiles, and recommended protective measures.

This year, the Verizon DBIR team analyzed 22,052 security incidents, including a record 12,195 confirmed data compromises. Organizations of all sizes and from all sectors were affected. The data comes from the Verizon Threat Research Advisory Center (VTRAC) intervention missions, global contributors, and publicly available incident details, covering approximately 139 countries.

While threat landscapes vary based on factors like company size, sector, and region, certain themes consistently emerge. The 2025 report highlights the significant role of third parties in both initiating and executing compromises. While software vendors have long contributed to the expanding attack surface, scattered incidents of minor to moderate importance over the past few years have evolved into a more insidious problem with potentially devastating effects. This phenomenon is a central theme of the 2025 edition and is woven throughout this summary.

This summary presents the key findings of the DBIR report, including the latest data on compromises by sector and region. We encourage you to share this summary with colleagues and download the full report (in English) for a more detailed understanding of the threats facing your business.

Key Findings/Summary of Results

Credential Misuse: 22% of compromises.

Exploitation of Vulnerabilities: 20% of compromises. This marks a 34% increase from the 2024 edition, driven by zero-day exploits targeting edge devices and VPNs. The number of targeted edge devices and VPNs increased eightfold, from 3% to 22%. Despite patching efforts, only 54% of vulnerabilities were fully remediated within a median of 32 days.

Phishing: 16% of compromises.

Ransomware: Ransomware attacks (with or without encryption) have increased by 37% compared to the 2024 edition, accounting for 44% of all data compromises. The average ransom payment has decreased to $115,000 from $150,000. Notably, 64% of victim organizations refused to pay the ransom, double the rate in 2023. Ransomware disproportionately affects SMEs and SMBs, accounting for 88% of compromises in these organizations compared to 39% in larger enterprises.

Breakdown by Sector

Education (NAICS 61)

Volume: 1075 incidents, 851 confirmed data compromises.

Main Patterns: System intrusion, miscellaneous errors, and social engineering account for 80% of compromises.

Attackers: External (62%), Internal (38%).

Motivations: Financial (88%), Espionage (18%).

Compromised Data: Personal data (58%), internal data (49%), other (35%), credentials (12%).

Summary: System intrusion, miscellaneous errors, and social engineering remain the top three attack vectors. While incidents and compromises in the education sector have decreased, the attack patterns remain similar, with system intrusion being the primary method, largely driven by financially motivated external actors.

Finance and Insurance (NAICS 52)

Volume: 3336 incidents, 927 confirmed data compromises.

Main Patterns: System intrusion, social engineering, and web application attacks comprise 74% of compromises.

Attackers: External (78%), Internal (22%), Partners (1%).

Motivations: Financial (90%), Espionage (12%).

Compromised Data: Personal data (54%), other (44%), internal data (35%), credentials (22%).

Summary: System intrusion continues to be the primary attack vector, likely due to the prevalence of more complex attacks. The finance and insurance sector is dominated by malicious actors seeking monetizable data, with espionage showing an increase.

Health (NAICS 62)

Volume: 1710 incidents, 1542 confirmed data compromises.

Main Patterns: System intrusion, "other" category, and miscellaneous errors constitute 74% of compromises.

Attackers: External (67%), Internal (30%), Partners (4%), Multiple (1%).

Motivations: Financial (90%), Espionage (16%).

Compromised Data: Medical data (45%), personal data (40%), internal data (32%), other (24%).

Summary: The health sector remains a prime target for cybercriminals, with a slight increase in incidents and compromises. System intrusion (including ransomware) leads the attack vectors, doubling miscellaneous errors. Espionage as a motivation has also increased.

Industry (NAICS 31-33)

Volume: 3837 incidents, 1607 confirmed data compromises.

Main Patterns: System intrusion, social engineering, and web application attacks represent 85% of compromises.

Attackers: External (86%), Internal (14%).

Motivations: Financial (87%), Espionage (20%).

Compromised Data: Internal data (64%), other (37%), personal data (33%), credentials (22%).

Summary: System intrusion, social engineering, and web application attacks remain the top three patterns, largely driven by financially motivated external actors. Espionage cases increased significantly to 20% this year. Over 90% of victim organizations were SMEs and SMBs.

Retail (NAICS 44-45)

Volume: 837 incidents, 419 confirmed data compromises.

Main Patterns: System intrusion, social engineering, and web application attacks account for 93% of compromises.

Attackers: External (96%), Internal (3%), Partners (1%).

Motivations: Financial (100%), Espionage (9%).

Compromised Data: Internal data (65%), other (30%), credentials (26%), payment data (12%).

Summary: Cyber incidents in retail are increasing. Attackers are increasingly targeting data beyond payment information. Espionage cases have significantly increased, serving as a warning for security teams to be aware of more sophisticated threats.

Public Sector (NAICS 92)

Volume: 1422 incidents, 946 confirmed data compromises.

Main Patterns: System intrusion, miscellaneous errors, and web application attacks represent 78% of compromises.

Attackers: External (67%), Internal (33%), Partners (1%).

Motivations: Financial (76%), Espionage (29%), Ideological (2%).

Compromised Data: Personal data (47%), internal data (44%), other (41%), secrets (17%).

Summary: Public sector organizations continue to be targeted for their personal data. While most attacks are by external actors, a significant number are due to internal errors. Ransomware accounts for 30% of compromises across all public sector strata.

Overview of Other Sectors

This section provides a summary of incidents and compromises in various other sectors:

| Sector (NAICS) | Volume | Main Patterns | Attackers | Motivations | Compromised Data |
|---|---|---|---|---|---|
| Agriculture (11) | 80 incidents, 55 compromises | System intrusion, web application attacks, social engineering (96%) | External (96%), Internal (4%) | Financial (98%), Espionage (33%), Ideological (2%) | Internal (67%), Other (39%), Secrets (35%) |
| Administrative Services (56) | 153 incidents, 145 compromises | System intrusion, social engineering, miscellaneous errors (97%) | External (95%), Internal (3%), Partners (2%) | Financial (100%) | Internal (83%), Credentials (31%), Personal data (10%), Other (8%) |
| Mining (23) | 307 incidents, 252 compromises | System intrusion, social engineering, web application attacks (96%) | External (97%), Internal (3%) | Financial (77%), Espionage (23%) | Internal (77%), Credentials (31%), Other (23%), Secrets (21%) |
| Entertainment (71) | 493 incidents, 293 compromises | System intrusion, social engineering, miscellaneous errors (76%) | External (71%), Internal (29%) | Financial (97%), Espionage (18%), Ideological (3%), Recreational hacking (1%) | Personal data (58%), Other (39%), Internal data (32%), Credentials (18%) |
| Information (51) | 1589 incidents, 784 compromises | System intrusion, web application attacks, social engineering (82%) | External (83%), Internal (17%), Partners (1%) | Financial (78%), Espionage (36%), Ideological (1%) | Other (62%), Internal data (51%), Personal data (37%), Secrets (27%) |
| Management (55) | 113 incidents, 107 compromises | System intrusion, social engineering, abuse of privileges (99%) | External (97%), Partners (2%), Internal (1%) | Financial (99%), Espionage (1%) | Internal data (95%), Credentials (33%), Medical data (1%), Personal data (1%), System data (1%) |
| Mining (21) | 64 incidents, 52 compromises | System intrusion, social engineering, web application attacks (96%) | External (98%), Internal (6%), Multiple (4%) | Financial (100%), Espionage (3%), Retaliation (3%) | Internal data (59%), Credentials (43%), System data (20%), Other (18%) |
| Other Services (81) | 683 incidents, 583 compromises | System intrusion, social engineering, miscellaneous errors (79%) | External (68%), Internal (33%) | Financial (69%), Espionage (31%) | Personal data (57%), Internal data (48%), Other (44%), Secrets (18%) |
| Professional Services (54) | 2549 incidents, 1147 compromises | System intrusion, social engineering, web application attacks (91%) | External (93%), Internal (7%), Partners (1%) | Financial (88%), Espionage (17%) | Internal data (70%), Other (25%), Credentials (24%), Personal data (24%) |
| Real Estate (53) | 339 incidents, 320 compromises | System intrusion, social engineering, miscellaneous errors (84%) | External (64%), Internal (36%) | Financial (100%) | Personal data (70%), Internal data (40%), Other (27%), Banking data (17%) |
| Transportation (48-49) | 361 incidents, 248 compromises | System intrusion, web application attacks, social engineering (91%) | External (94%), Internal (7%), Multiple (2%), Partners (1%) | Financial (98%), Espionage (16%), Ideological (1%) | Internal data (67%), Other (25%), Credentials (22%), Personal data (20%) |
| Energy (22) | 358 incidents, 213 compromises | System intrusion, social engineering, web application attacks (92%) | External (92%), Internal (8%), Multiple (1%) | Financial (70%), Espionage (66%), Recreational hacking (1%) | Internal data (80%), Secrets (61%), Other (42%) |
| Wholesale Trade (42) | 330 incidents, 319 compromises | System intrusion, social engineering, abuse of privileges (98%) | External (97%), Internal (3%) | Financial (100%) | Internal data (93%), Credentials (24%), Other (3%), Personal data (3%), System data (3%) |

Results by Region

Asia-Pacific (APAC)

Volume: 2687 incidents, 1374 confirmed data compromises.

Main Patterns: System intrusion, social engineering, and web application attacks constitute 97% of compromises.

Attackers: External (99%), Internal (1%).

Motivations: Financial (83%), Espionage (34%).

Compromised Data: Internal data (78%), other (41%), secrets (33%).

Europe, Middle East, and Africa (EMEA)

Volume: 9062 incidents, 5321 confirmed data compromises.

Main Patterns: System intrusion, social engineering, and miscellaneous errors represent 89% of compromises.

Attackers: External (71%), Internal (29%).

Motivations: Financial (87%), Espionage (18%).

Compromised Data: Internal data (62%), personal data (49%), other (37%), secrets (13%).

Latin America and the Caribbean (LAC)

Volume: 657 incidents, 413 confirmed data compromises.

Main Patterns: System intrusion, social engineering, and web application attacks represent 99% of compromises.

Attackers: External (100%), Partners (1%), Multiple (2%).

Motivations: Financial (84%), Espionage (27%).

Compromised Data: Internal data (97%), secrets (27%), other (24%).

North America (NA)

Volume: 6361 incidents, 2867 confirmed data compromises.

Main Patterns: System intrusion, "other" category, and social engineering account for 90% of compromises.

Attackers: External (91%), Internal (5%), Partners (5%), Multiple (1%).

Motivations: Financial (95%), Espionage (9%).

Compromised Data: Internal data (49%), medical (35%), credentials (23%), other (17%).

Inform Yourself, Prepare Yourself

To effectively combat current threats, reliable information is crucial. The DBIR report presents the actors, trends, and operational methods impacting your business, helping you to better protect yourself and educate your users. Benefit from concrete insights to secure your enterprise.

Read the full 2025 DBIR report (in English) at verizon.com/dbir/.

Contribute to a Safer Digital World: If your company collects security data and incident information, you can contribute to Verizon's annual report. Simply email dbircontributor@verizon.com. We welcome your feedback to improve future editions. Contact us at dbir@verizon.com, connect with Verizon Business or one of the authors on LinkedIn, and visit the VERIS GitHub page: https://github.com/vz-risk/veriss.
