It’s that time of year again: Verizon Business has released the 2025 edition of the Data Breach Investigations Report (DBIR), its 18th-annual report on cybercrime. The DBIR is famous for how well it captures the current state of things, analyzing tens of thousands of security incidents to understand the current threat landscape.
While the newest Verizon DBIR stays true to the report’s longstanding methodology, this year’s edition is notable for the recurring theme of the unprecedented rise in breaches stemming from third-party organizations — especially notable because this is an attack trend that Verizon Business did not analyze until last year’s DBIR. The theme is so integral to this year’s DBIR that the report’s cover has an illustration that reflects the balancing act cybersecurity must perform with the growing dependence on third parties:
“If the impossibly balanced shape on the cover makes you uncomfortable, you have begun to understand the challenges modern Chief Information Security Officers (CISOs) face in the current environment.”
—Verizon 2025 DBIR
Here are the 2025 DBIR’s key themes — including third-party risk —…
