Verizon Data Breach Report 2025: New Critical Insights


The Verizon Data Breach Report 2025 is back again, once more brimming with bad news for various US industries, based on insights drawn from 12,000 confirmed data breaches over the last year.

In this article, we focus on what the health, retail, and finance sectors have been dealing with, but first, some standout stats:

  • In 20% of cases, attackers exploited vulnerabilities to access systems.
  • Breaches where third parties were involved doubled from 15% to 30% of all cases.
  • Ransomware cases rose from 37% to 44% of breaches.
  • Ransomware attacks disproportionately affected small and medium businesses, accounting for 80% of attacks compared to 39% for larger organizations.
  • 60% of breaches involved human error, roughly the same amount as last year.
  • The use of AI to craft phishing emails doubled in the last two years.
  • 17% of breaches involved state-sponsored espionage, but 28% of those cases were also financially motivated. It looks like some regimes want cash!

Financial and Insurance Sector

With 3,336 incidents and 926 confirmed data breaches, this sector remains a popular target. 90% of these attacks were motivated by money, which comes as no surprise: every financial industry website is a gatekeeper guarding huge amounts of wealth. Attackers relied on system intrusion, social engineering, and basic web application attacks in 74% of all breaches.

78% of attacks came from outside sources, as we might expect, but 22% were internal. While that might seem like a shocking amount of in-house skulduggery, it’s actually an improvement from last year. The 2024 report found that 31% of breaches came from internal sources. It’s hard to know whether that means internal threat actors were less successful or external attackers were more so, but either way, it’s the wrong kind of attention.

Speaking of which, espionage was the motivation for 5% of financial industry breaches in the 2024 report, but 12% in this latest one, suggesting that geopolitical threats are on the rise.

59% of breaches are blamed on organized crime, which is behind almost all ransomware attacks.

Healthcare

Financial motives drove 90% of successful attacks on healthcare providers, and espionage made another appearance, accounting for 16% of all cases, up from just one percent in the 2024 report.

45% of breaches leaked lucrative medical information, and 40% snagged personal data. 74% of the 1,542 breaches involved system intrusion, miscellaneous errors, and the mysteriously named “everything else,” suggesting systemic defense weaknesses, while 30% occurred because of privilege misuse, which points to inadequate management of internal threats.

While 67% of threat actors were external and 30% internal, “Partners” accounted for 4% of the total. This will no doubt include third-party software providers whose apps are essential for functionality but offer a tempting attack route if they’re not adequately defended. Reflectiz maps these and every other element in a website’s digital supply chain, then pinpoints suspicious attempts to manipulate them, as well as raising alerts when they try to send data off to shady domains.

Retail

The picture for online retailers hasn’t changed much, but then it’s still as challenging as ever, with 100% of breaches motivated by financial reward. 96% of breaches came from external threat actors, with 12% leaking payment details and 26% user credentials. System intrusion, social engineering, and basic web application attacks account for 93% of breaches.

The report also notes that espionage was a factor in 9% of attacks, implying that some state actors are hacking stores to funnel funds to whatever regime is sponsoring them. On that point, the report says that “Along with a focus on protecting the payment data, defenders need to realize that they may be targeted by somewhat more sophisticated (and harder to detect) actors as well.”

Not good news.

Magecart

Magecart infections are still a big worry for e-commerce sites, accounting for 80% of breaches involving payment cards, but the report found that they don’t just affect online retailers. For instance, an insurance website may have a checkout page, but it wouldn’t fall under the retail category, so the message here is that if you do offer an online payment option, a Magecart attacker is likely to visit you sometime.

It’s easy to see why that is tempting for them. JavaScript is the language of the web, powering millions of payment pages, so if an attacker can inject compromised code into a website to steal visitors’ payment details, they can then choose between defrauding the owner themselves or selling the details to other criminals. That’s why Reflectiz continuously monitors websites for the kind of suspicious JavaScript changes that can signal the start of a Magecart attack.

The research team analyzed a multi-year dataset and found that Magecart affects various countries and industries, targeting sites opportunistically rather than just large vendors, so the takeaway here is that businesses of all sizes are at risk and can’t afford to skimp on protection.

It’s Not Just Big Companies at Risk

The report notes that SMBs (businesses with fewer than 1000 employees) suffered four times more data breaches than larger organizations. Ransomware attacks were the dominant type, accounting for close to 90% of small business breaches, but for larger organizations, the figure was just under 40%.

Does this mean that ransomware groups are more successful with these attacks on smaller businesses because they encounter weaker security measures? Smaller budgets may mean they can’t field defenses as sophisticated as their larger counterparts’, and that appears to be what attackers are banking on.

Another factor is that ransomware attackers are facing a downturn in their fortunes; fewer businesses are willing to pay to get their data back (cue the world’s smallest violin), and when they do, they are paying less. Victims paid an average of $115,000, down from $150,000 last year, and 64% of victims didn’t pay up at all.

Against this backdrop, we might assume that smaller businesses with less robust defenses look like a better attack option, and that enough of them are paying up to keep the bad guys in business.

It’s worth remembering here that even those businesses who don’t pay off the ransomware gangs may still find themselves in serious financial difficulty due to fines from data protection regulators, industry regulators, and from data breach victims pursuing them through the courts for damages.

Conclusion

Health, finance, and retail sector businesses are still very appealing targets to common cybercriminals and state-sponsored actors alike. Third-party data breaches have doubled, ransomware attacks are on the rise, and perennial favorites like Magecart continue to be a threat, helped on their way by human error and other gaps in defenses. So, there’s never been a more urgent need to choose Reflectiz and protect your website and its assets.
