More than 12,000 incidents analysed to determine common trends in the 'gift that keeps on giving.'
Data breaches caused by system intrusions increased by roughly a quarter (27 percent), while the exploitation of vulnerabilities also saw a sharp rise.
According to the new edition of the Verizon Business Data Breach Investigations Report (DBIR), the exploitation of vulnerabilities increased by 34 percent, and accounted for 20 percent of breaches.
In a launch roundtable, attended by SC UK, Ali Neil, director of international security solutions at Verizon, said that too many businesses are overwhelmed by vulnerabilities and often patch based on severity scores, but it remains “hugely confusing” for businesses of all sizes, and the “challenge is getting worse.”
Neil said the beauty of this report is that it gives the data on what is happening in the world, and gives businesses an opportunity to prioritise certain areas and apportion budget to the right areas.
The 2025 DBIR analysed over 22,000 security incidents, including 12,195 confirmed data breaches.
Insider Threat
Amongst the EMEA findings, it was revealed that insider threats continue to loom large: 29 percent of breaches originate from within EMEA organisations, with 19 percent attributed to unintentional mistakes, while eight percent involve misuse, such as unauthorised use of data that violates the organisation’s policies.
Asked if these insider threats took into account typical lost devices or more deliberate breaches, such as those carried out by Chelsea Manning in the last decade, Neil said larger organisations, and financial services in particular, are massively concerned about the insider threat.
“I think in big business, where the perimeter controls on everything else are so strict, the insider is a big concern,” Neil said. “You look at what was happening with something like LockBit, they were offering $30,000 to an employee to deploy the ransomware, that’s a decent sum of cash, and I'm sure they'd have gone up from there. So if people can be coerced and bribed in that manner, then absolutely.
“The sum of the data speaks to insider threat and healthcare, but I think a lot of that seemed to be more erroneous.”
Ashish Khanna, senior managing director of global security solutions at Verizon Business, also pointed out the ‘shoulder snooping’ factor, which is why organisations are moving from passwords to passphrases.
Asked if this has reduced due to more hybrid working, Khanna said that is a factor, but it is also down to people being more cyber aware - locking their machines, keeping privacy screens on monitors - “that's causing a little bit less of that shoulder surfing, it's still happening, and there will be things that would go around that, but it's less and less.”
Retail Sector
In the sector breakdown, Verizon spokespeople declined to comment on a recent cyber incident, but statistics did show there was a 15 percent increase in cyber incidents since 2024, with attackers now pivoting away from payment card data toward easier targets such as customer credentials, business plans, and reports.
Statistics also showed that 100 percent of incidents were financially motivated. Khanna said that in the past, attacks on retail were about skimming data and targeting the point of sale, and then the trend shifted to something more focused on damaging the brand itself by targeting retailers' e-commerce websites, or putting bots on their e-commerce platforms.
“It is very much around the abuse of the insider,” he said. “Using the inside-out actors to get to the credential, because using credentials to get as quickly as possible to either buy goods, buy services, or for financial gain by actually embedding malware into the environment and then bringing the whole retail down.”
Khanna also said many financial services businesses have bigger security teams, and even their service providers have got all the tools and gadgets to protect themselves, so attackers now “won't go through the financial services, so they'll probably go through a retail door into financial services.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.