The 2025 DBIR Is Out — Here’s What SMBs and CISOs Must Know About This Year's Breach Trends
The Key Takeaways from the 2025 DBIR (and What They Mean for You)
The cybersecurity landscape continues to shift, and the 2025 Data Breach Investigations Report (DBIR) from Verizon confirms what many in the industry have already felt: things are getting more complex, and the stakes are rising.
Here are the top findings—and what your organization should do about them.
1. Ransomware Is More Widespread—but Fewer Are Paying
Ransomware was present in 44% of all breaches, a 37% increase over last year. While attackers are more active than ever, 64% of organizations refused to pay—a positive sign of resilience.
What you should do:
Focus on prevention and response. Implement immutable backups, segment your network, and rehearse your incident response plan.
2. Third-Party Breaches Have Doubled
Third-party involvement in breaches jumped from 15% to 30%. This includes vendors, contractors, and platforms that handle your data or connect to your network.
What you should do:
Review your vendor risk management program. Assess your third parties for MFA, secure software development, and breach response capabilities.
3. Vulnerabilities Are the New Phishing
For the first time, exploitation of vulnerabilities (20%) rivals stolen credentials (22%) as the initial access vector in breaches. Edge devices and VPNs are a particular weak point, with their exposure rising eightfold over the past year.
What you should do:
Patch management must be a top priority—especially for internet-facing devices. Monitor for zero-day vulnerabilities and automate updates when possible.
4. Human Error Is Still a Factor
The “human element” remains involved in 60% of breaches. This includes phishing, misconfigurations, and leaked credentials, many of which trace back to BYOD devices and poor hygiene across personal and corporate credentials.
What you should do:
Train your employees regularly on phishing, safe browsing, and secure credential use. Enforce strong password policies and consider using passwordless authentication or passkeys.
5. Espionage Is on the Rise
State-sponsored attacks with espionage motives now account for 17% of breaches, often involving zero-day exploits. Even small companies can become collateral damage in geopolitical cyber conflicts.
What you should do:
Even if you’re not a direct target, harden your infrastructure: follow NIST guidelines, apply least-privilege principles, and monitor for lateral movement.
Final Thoughts
The 2025 DBIR reinforces what many cybersecurity leaders already know: you don’t have to be a Fortune 500 company to be a target. Whether you’re a startup, SMB, or enterprise, the fundamentals—patching, training, access control, and third-party risk—are more crucial than ever.
If you'd like help applying these insights to your business or improving your audit readiness, let’s talk.
Source: Verizon 2025 Data Breach Investigations Report