
Cyber Threats 2025: What Business Leaders Must Know About Data Breaches and Ransomware, Based on the Latest DBIR

Inside this article:

  • Key findings from the DBIR 2025 report that every business leader must know.
  • The most dangerous trends – from intelligent phishing to ransomware and weak links in third-party providers.
  • Strategies that turn cybersecurity from a cost into a competitive advantage.

In 2025, cybercriminals have become more ruthless and effective than ever before. The latest Verizon Data Breach Investigations Report (DBIR) analyses over 22,000 security incidents from across the globe, revealing worrying trends that should alert every business leader. It is no longer a matter of “if” your company will be attacked, but “when” and “how well prepared you will be”.

For business leaders, this means a fundamental shift in the approach to cybersecurity – from reactive incident response towards proactive organisational resilience. In this article, we discuss the key threats identified in the report, along with specific actions you can take today to protect your business.

Ransomware: The Unrivalled King of Cyber Threats

An Alarming Surge in Ransomware Attacks

Ransomware remains the single greatest threat to modern enterprises, and the data from 2025 is nothing short of dramatic. As many as 44% of all breaches involved ransomware – up from 32% in the previous year. The situation for small and medium businesses is even more dire: a staggering 88% of data breaches at firms with fewer than 1,000 employees were ransomware-related, compared to “only” 39% among large organisations.

Paradoxically, despite the increasing frequency of attacks, the median ransom payment has fallen from $150,000 to $115,000. This is not necessarily good news – it simply means more companies are declining to pay up. In 2024, 64% of victim organisations refused to pay the demanded ransom, up from 50% two years ago.

Immediate Actions for Decision-Makers

Short-Term Steps:

  • Audit your backup systems and ensure that at least one copy is stored offline, immune to ransomware encryption.
  • Implement network segmentation to limit the spread of malicious software.
  • Deploy multi-factor authentication (MFA) across all critical systems.
  • Develop and test an incident response plan, including specific ransomware scenarios.

Strategic Investments:

  • Consider acquiring specialised cyber insurance.
  • Invest in EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) solutions.
  • Establish relationships with expert incident response providers.

Phishing Evolves: Artificial Intelligence Changes the Game

A New Face for Phishing Attacks

Traditional phishing indicators – spelling errors, suspicious domains, clunky translations – are no longer reliable. The Verizon report shows that the use of artificial intelligence in phishing emails has doubled in the last two years. Modern phishing campaigns are sophisticated enough to convincingly mimic communication from known suppliers, business partners, or even colleagues.

A particularly worrying phenomenon is “prompt bombing” – flooding users with MFA authentication requests in the hope they will eventually relent and approve malicious access. This tactic featured in over 20% of social engineering attacks in 2025.
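A detection sketch for the prompt-bombing pattern described above, added here as an illustration and not taken from the DBIR or any vendor product. The log format, event names, ten-minute window and threshold of five are assumptions; map them to whatever your identity provider actually exports.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (timestamp, user, result); not real data.
SAMPLE_LOG = """\
2025-05-06T02:10:03 alice push_denied
2025-05-06T02:10:41 alice push_timeout
2025-05-06T02:11:15 alice push_denied
2025-05-06T02:11:58 alice push_timeout
2025-05-06T02:12:30 alice push_denied
2025-05-06T02:13:02 alice push_approved
2025-05-06T09:00:12 bob push_timeout
2025-05-06T09:00:40 bob push_approved
2025-05-06T14:22:05 carol push_denied
"""

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed: rejected prompts that count as a flood


def detect_prompt_bombing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for users who got >= threshold denied or timed-out prompts
    inside `window`; severity is 'critical' when an approval follows the flood."""
    recent = defaultdict(deque)   # user -> timestamps of rejected prompts
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        while q and ts - q[0] > window:      # drop prompts older than the window
            q.popleft()
        if result in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) == threshold:          # alert once when the threshold is reached
                alerts.append({"user": user, "time": ts_raw, "severity": "high",
                               "reason": f"{threshold} rejected prompts in {window}"})
        elif result == "push_approved":
            if len(q) >= threshold:          # approval straight after a flood
                alerts.append({"user": user, "time": ts_raw, "severity": "critical",
                               "reason": "approval after prompt flood"})
            q.clear()                        # any approval resets the user's count
    return alerts


if __name__ == "__main__":
    for alert in detect_prompt_bombing(SAMPLE_LOG):
        print(alert)
```

The "critical" case is the one worth paging on: an approval that arrives right after a run of rejected prompts should trigger session revocation and a credential reset, not just a ticket.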

Despite widespread user training, the median click rate in phishing simulations remains around 1.5% of employees. This means that even in the best-trained organisations, there is always someone who may become a victim.

Practical Steps for Business Leaders

Modernising Security Training:

  • Transition from traditional presentations to interactive phishing simulations at least once a month.
  • Emphasise incident reporting – employees with the latest training report phishing attempts four times more often.
  • Reward staff for reporting suspicious emails, rather than punishing mistakes.

Technical Safeguards:

  • Deploy AI-powered anti-phishing solutions.
  • Use DMARC, SPF, and DKIM for all company domains.
  • Consider moving to passwordless authentication (passkeys), wherever possible.
  • Set up conditional access policies that require extra validation for atypical logins.

One of the most alarming trends in the DBIR 2025 report is the doubling of third-party involvement in security incidents – from 15% to 30%. Today’s enterprises are so dependent on external vendors that an attack on a single partner can paralyse dozens, even hundreds, of organisations simultaneously.

Headline incidents, like the Snowflake breach (affecting 165 firms), Change Healthcare, or CDK Global, have shown how a single weak spot in the supply chain can trigger a domino effect. Worse, the median time to remove leaked secrets from GitHub repositories is 94 days – more than enough for cybercriminals to exploit them.

Specific Actions for Decision-Makers

Due Diligence with Vendors:

  • Mandate a cybersecurity risk assessment for all critical suppliers.
  • Require business partners to document their security policies and incident response plans.
  • Include security clauses in contracts, covering audit rights and mandatory incident disclosure.

Third-Party Risk Management:

  • Create a registry of all external vendors with access to your data or systems.
  • Categorise suppliers by risk level and adjust controls accordingly.
  • Consider investing in TPCRM (Third-Party Cyber Risk Management) solutions.
  • Develop business continuity plans in case a key partner is compromised.

Segmentation and Access Control:

  • Restrict supplier access to essential systems and data only.
  • Apply the principle of least privilege for all external accounts.
  • Regularly review and revoke unnecessary permissions.

User Training: An Investment That Yields Returns

Despite all the technical controls in place, human error is present in 60% of all breaches. This means most attacks still require some form of user interaction – clicking a malicious link, revealing credentials, or following a suspicious instruction.

The good news is that investments in user training yield measurable results. Companies with regular training report four times as many suspicious emails. Moreover, knowing how to report incidents has a greater impact on organisational safety than merely recognising phishing attempts.


Creating a Cybersecurity Culture:

  • Make cybersecurity a key organisational priority at board level.
  • Communicate regularly from top management about the importance of security.
  • Reward staff for reporting suspicious activities; don’t punish honest mistakes.

Modernising Training Approaches:

  • Move from annual training to regular, brief learning sessions.
  • Use realistic, industry-tailored threat examples.
  • Embrace microlearning – short, 2–3 minute educational pieces sent frequently.
  • Run phishing simulations at least monthly.

Measuring Effectiveness:

  • Track not just ‘click rates’ but also incident reporting rates.
  • Monitor response times for reported incidents.
  • Survey employees routinely on security awareness.

Exploiting Vulnerabilities: It’s a Race Against Time

Zero-Day and Edge Devices – The New Battlefield

Exploiting vulnerabilities as an initial access vector has risen dramatically by 34% year-on-year, reaching 20% of all breaches. Attacks on edge devices and VPNs are particularly concerning – their share jumped eightfold, from 3% to 22%.

The problem is exacerbated by the speed of exploitation – the median time to mass exploitation of new vulnerabilities is just 5 days; for edge devices, it’s often zero days (in 9 of 17 cases, exploitation began the same day a vulnerability was published).

Organisations are struggling: only 54% of edge vulnerabilities were fully remediated over the year, and the median time to patch is 32 days.

Action Steps for Executives

Vulnerability Management:

  • Implement automated vulnerability scanning across all systems.
  • Establish urgent patching processes for critical systems (goal: 24–48 hours).
  • Maintain a registry of all externally-facing and edge devices.
  • Deploy Attack Surface Management tools.

Strategic Approach:

  • Consider outsourcing vulnerability management to expert providers.
  • Invest in virtual patching solutions for systems that cannot be rapidly updated.
  • Segment networks to limit the fallout from potential compromises.
  • Develop contingency procedures for emergency disconnection from the internet.

Access Control:

  • Minimise the number of systems accessible directly from the internet.
  • Adopt next-generation VPN or Zero Trust Network Access solutions.
  • Apply multi-factor authentication to all remote systems.

Financial Sector: A Premium Target for Cybercriminals

The financial industry remains one of the most targeted sectors, for obvious reasons – that’s where the money is. System intrusion (73% of breaches) dominates the landscape, powered by ransomware and stolen credential attacks.

What’s alarming is the rise in espionage-motivated attacks, increasing from 5% to 12% – financial institutions are now being targeted not only by criminals but also by nation-state groups.

Steps for the Financial Sector

Enhanced Protection:

  • Real-time AI-driven transaction monitoring.
  • Advanced behavioural anomaly detection solutions.
  • Full tokenisation of all sensitive financial information.
  • Deploy anti-fraud solutions powered by machine learning.

Preparing for the Future: Strategic Recommendations

Organisational Resilience

In the face of mounting cyber threats, business leaders must adopt a strategic mindset. Cybersecurity is not just IT’s domain – it’s now a matter of business continuity and executive-level risk management.

Strategic Actions

At Board Level:

  • Make cybersecurity a standing item on board agendas.
  • Appoint a director responsible for cyber oversight.
  • Define and track cybersecurity metrics as KPIs for the whole organisation.
  • Appoint a Chief Information Security Officer (CISO) if you don’t have one already.

Technology Investments:

  • Move towards a Zero Trust Architecture.
  • Invest in Security Orchestration, Automation and Response (SOAR) platforms.
  • Consider adopting Security Service Edge (SSE) technologies.
  • Implement continuous security monitoring.

Collaboration and Intelligence:

  • Join industry groups for cyber threat information sharing.
  • Build partnerships with government cybersecurity agencies.
  • Collaborate with competitors on threat intelligence where appropriate.
  • Invest in external threat intelligence feeds.

Conclusion: The Time to Act Is Now

The Verizon DBIR 2025 paints a worrying picture of the cyber threat landscape, but it also provides clear guidance on how to defend yourself. The key takeaways are:

  1. Ransomware remains the top threat – invest in backups, segmentation, and modern user training.
  2. Phishing is evolving – classic approaches are no longer enough; use technology and regular simulations.
  3. Third-party vendors are the new battlefield – implement rigorous supplier assessment and monitoring.
  4. User training is an investment, not a cost – regularly trained employees are your best defence.
  5. Vulnerability management requires automation – manual processes are simply too slow.

Cybersecurity in 2025 is not an option – it’s a business necessity. Organisations that invest proactively will gain a clear advantage over those who wait to become victims. The question is not “if you will be attacked”, but “how well prepared you’ll be when it happens”.

Start today by assessing your current security posture, identifying your largest gaps and developing an action plan. Remember – every day of delay is a day your company remains exposed to attacks that could cost millions and destroy a hard-earned reputation.


Patronusec Sp z o. o.

Head Office:
ul. Święty Marcin 29/8
61-806 Poznań, Polska

KRS: 0001039087
REGON: 525433988
NIP: 7831881739
D-U-N-S: 989454390
LEI: 259400NAR8ZOX1O66C64
