The Verizon Data Breach Investigations Report (DBIR) for 2025 reveals concerning trends in the security of perimeter devices. A startling statistic shows that only about half of zero-days exploited in VPNs and internet-facing appliances were patched, and the median time to patch was 32 days. The vulnerabilities in devices from companies like Ivanti, Fortinet, SonicWall, and Citrix led to a 34% increase in exploitation compared to the previous year, becoming the second-most common method of entry for professional hackers. The report also highlights that just 54% of vulnerabilities in edge devices were fully remediated throughout the year.
Credential abuse remained a significant threat, accounting for 22% of initial access attempts.
However, exploitation of unpatched vulnerabilities grew to 20%, signaling an increasing focus on weaknesses in internet-facing appliances. Data-extortion ransomware breaches rose sharply, making up 44% of the incidents studied, a 37% increase from previous years. The report also noted that ransomware payments decreased to a median of $115,000, while the number of companies refusing to pay increased to 64%, up from 50% two years ago.
Verizon’s research also found a concerning rise in supply chain breaches, which doubled to 30% of incidents. These breaches often involved third-party software suppliers, MSPs, or partner portals, with a 94-day median lag between the discovery of leaked secrets and remediation. Nation-state-backed cyberattacks were also highlighted in the report, accounting for 17% of breaches, with vulnerability exploitation being the primary method of entry 70% of the time.
While cyberespionage remained the dominant motive, the DBIR noted that 28% of nation-state cases aimed at financial gain, indicating some government hackers were seeking personal profit.
Despite these sophisticated attacks, human error remains a weak link in security. The report revealed that 60% of breaches involved email phishing, mis-sent data, or password reuse. Moreover, the issue of bring-your-own-device (BYOD) policies continues to complicate corporate defenses, with 30% of compromised endpoints belonging to licensed enterprise devices, and nearly half belonging to unmanaged machines. The 2025 DBIR, which analyzed over 22,000 security incidents, underscores the growing threats to perimeter devices, third-party vendors, and human oversight in cybersecurity.
Reference:
