Verizon’s newly released 2026 Data Breach Investigations Report (DBIR) paints a cybersecurity landscape increasingly defined by vulnerability exploitation, ransomware persistence and AI-assisted attacks — while reinforcing that basic cyber hygiene remains the strongest defense.
The report analyzed more than 31,000 security incidents and 22,000 confirmed data breaches across 145 countries — Verizon’s largest breach dataset to date.
A major shift this year: exploitation of vulnerabilities surpassed stolen credentials as the leading initial access vector for breaches. Vulnerability exploitation accounted for 31% of breaches, up sharply from 20% a year earlier, while credential abuse fell to 13%.
The findings underscore mounting pressure on IT and security teams as patch volumes rise faster than remediation capacity. Verizon found only 26% of critical vulnerabilities listed in CISA’s Known Exploited Vulnerabilities catalog were fully remediated in 2025, down from 38% the previous year. Median remediation time also worsened to 43 days from 32 days.
Ransomware also continued its upward trajectory, appearing in 48% of all breaches versus 44% last year. However, Verizon noted some encouraging signs: 69% of ransomware victims in the dataset did not pay a ransom, and median ransom payments declined to $139,875 from $150,000.
Third-party risk emerged as another major concern. Breaches involving third parties rose 60% year-over-year and now account for 48% of all breaches. Verizon attributed many incidents to weak authentication controls, poor credential management and missing or improperly configured multifactor authentication in cloud environments.
The report also highlights how generative AI is beginning to materially influence cybercrime operations. Verizon found threat actors are increasingly using AI tools to support targeting, phishing, malware development and vulnerability research. In many observed cases, attackers used AI assistance across 15 or more attack techniques.
At the same time, Verizon emphasized that AI is currently accelerating known attack methods more than creating entirely new ones. Most AI-assisted malware activity still relied on well-established techniques already familiar to defenders.
Other notable findings from the report include:
- Using software flaws (31%) has surpassed stolen credentials for the first time, with AI accelerating attacks from months to hours.
- Third-party supply chain breaches jumped 60% (now 48% of total), while AI bot traffic is growing 21% month-over-month.
- Human involvement remained a factor in 62% of breaches, slightly up from 60% last year.
- Mobile-focused social engineering attacks, including voice and text-message phishing, generated “click” success rates 40% higher than email phishing simulations
- Shadow AI usage is growing rapidly inside enterprises, with 45% of employees now using AI tools on corporate devices, up from 15% a year ago
- Unauthorized AI usage increasingly involved employees uploading source code, structured data and technical documents into external AI platforms, creating intellectual property and data exposure risks
Related Posts
-
See our breakdown of M&A activity by product category, the latest EBITDA trading multiples for…
-
This comprehensive MDM 2Q26 Forecast Report is a guide to the U.S. wholesale distribution economy,…
-
Our latest MarketPulse Report shares a wealth of data and analysis from the 4Q25 Baird-MDM…