Exploitation of software vulnerabilities has become the most common initial access vector for data breaches, according to the most recent Data Breach Investigations Report by Verizon.
Exploitation of vulnerabilities accounted for 31% of data breach incidents examined by Verizon during a one-year period. The previous leader — credential abuse — dropped to 13%. The report’s authors noted threat actors are increasingly relying on generative artificial intelligence to assist them with their attacks, from choosing targets to developing malware and other tools to make their efforts more effective and efficient.
At the same time, social engineering is evolving as well, with attackers increasingly using voice and other mobile-centric techniques to catch people off guard in the middle of the workday, according to the report.
Only 26% of critical vulnerabilities, as defined by the Cybersecurity and Infrastructure Security Agency, were fully remediated by organizations in 2025, a drop from the previous year’s 38%, the authors said. The median time for full resolution rose to 43 days, almost two weeks more than the previous year’s 32 days. In the median case, organizations had 50% more critical vulnerabilities to patch in this year’s reporting dataset compared to the previous year.
The report also found that ransomware grew to 48% of all breaches, up from 44% the previous year. However, ransom payments have declined as 69% of victims didn’t pay. The median amount of ransom paid also fell from $150,000 the previous year to $139,875.









