Verizon Business Releases Findings from 18th Data Breach Investigations Report
Data Breach, Ransomware Both on the Rise as Security Landscape Sees More Threats
Verizon Business has released the results of its annual Data Breach Investigations Report, which is now on its 18th year. It is one of the world’s leading cybersecurity reports as it is grounded in real-world data. This year’s edition analyses 20,000 security incidents and 12,000 confirmed breaches, with contributions from over 100 global partners—including forensic experts, law enforcement agencies, cyber insurers, and security vendors.
Here are some of the notable findings of Verizon Business’s Data Breach Investigations Report:
Data breaches surged by 20%—hitting a record high.
According to Verizon’s Data Breach Investigations Report, the number of confirmed breaches rose by a fifth in the year to October 2024—the highest volume since the report began in 2008—as organisations struggled to contain attacks across an expanding digital estate. In the Asia Pacific (APAC) region, there were 2,687 out of the 12,000 confirmed breaches. Of these, 1,374 incidents involved confirmed data disclosure, highlighting a significant impact on data security within the region.
Overall, the report analysed more than 12,000 confirmed breaches across 139 countries, with third-party service providers, edge devices, and stolen credentials among the most common access points. The growth reflects a mix of rising attack complexity and improved incident detection and reporting.
Human error accounts for 60% of all breaches Human error remains one of the most persistent causes of data breaches.
According to Verizon’s latest Data Breach Investigations Report, 60 per cent of breaches involved a human element—including phishing, stolen credentials, and routine mistakes. Stolen passwords were used in 22 per cent of cases, while phishing accounted for 15 per cent. Simple errors, such as sending information to the wrong person or incorrectly setting access permissions, were roughly twice as common as deliberate or nefarious misuse of access by insiders.
The report also noted a shift in social engineering tactics, with attackers increasingly using “prompt bombing”—flooding users with login approval requests in the hope they click through—to get around multi-factor authentication.
Ransomware featured in 44% of enterprise breaches.
Ransomware attacks are increasingly aimed at paralysing operations rather than stealing data, a shift that has made downtime more costly than the ransom itself in many cases. The trend was reflected in Verizon’s latest Data Breach Investigations Report, which found ransomware involved in 44 percent of breaches last year—the most common attack type. Ransomware accounts for 51% of the total breaches in APAC and remains highly visible as threat actors often publicize breaches.
While the scale of attacks has grown, the proportion of victims paying ransoms has fallen. Verizon stated that 64 per cent of organisations refused to pay, up from 50 per cent two years ago, while median payments dropped to USD $115,000 from USD $150,000. Attackers have adapted by scaling their operations—automating attacks, exploiting edge infrastructure, and targeting suppliers—to compensate for lower returns per victim. Small and medium-sized businesses were bearing the brunt of attacks, with ransomware linked to 88 percent of breaches in that group.
State-backed attacks nearly tripled—espionage up 163%.
State-backed cyberattacks have nearly tripled in the last year, with espionage-motivated breaches rising 163 per cent in a year, according to Verizon’s Data Breach Investigations Report. Within the APAC region, these espionage-motivated breaches represent 34 per cent of all analysed breaches, a higher proportion compared to other regions like EMEA (18 per cent) and North America (9 per cent).
According to the Data Breach Investigations Report, 70 per cent of espionage-related breaches used vulnerability exploitation as the initial access point—often targeting unpatched VPNs, firewalls, and zero-day flaws. The report also noted that nearly a third of state-linked incidents had a financial component, suggesting some actors are blending espionage with profit-seeking activity.
AI-written scam emails have doubled in two years.
Criminal groups are increasingly deploying generative AI to craft more convincing phishing emails, experimenting with large language models to improve grammar, tone and localisation. According to Verizon’s latest Data Breach Investigations Report, the share of phishing messages containing AI-generated text has doubled over the past two years from a low base of around 5 to 10 per cent.
A separate concern is the risk of corporate data exposure through employee use of public AI platforms. According to Verizon, 15 per cent of employees accessed generative AI tools on corporate devices at least every two weeks, with many doing so via unsanctioned personal accounts
One in three breaches start with a third-party.
Nearly a third of cyber breaches now involve a third-party vendor or platform, according to Verizon’s Data Breach Investigations Report—double the share seen the previous year. The findings highlight the growing exposure businesses face through suppliers, SaaS platforms and service providers operating outside their direct control.
Verizon attributes the rise to weak access controls, poor visibility and growing reliance on internet-facing infrastructure. Attacks targeting VPNs and edge devices jumped nearly eightfold from 3 to 22 per cent of cases, while leaked credentials remained active for an average of 94 days—giving attackers a long window to gain access through partners rather than direct attacks.
