• The latest Data Breach Investigations Report (DBIR) from Verizon Business assessed the impact of AI on cybersecurity
• Exploiting software flaws beat credential theft as the biggest source of cyberattacks for the first time
• Ransomware attacks are up, but fewer companies are paying out

Vulnerability exploitation has surpassed stolen credentials as the biggest cause of data breaches for the first time in almost two decades, according to a new cybersecurity report from Verizon Business, the enterprise services arm of major US telco Verizon.

The operator’s latest annual Data Breach Investigations Report (DBIR) reveals that nearly a third of all breaches start with vulnerability exploitation and that the use of AI is making this more prevalent: Previously, stolen passwords were the top means for hackers to illegally access systems.

Ransomware usage has continued to rise, according to Verizon’s data, with 48% of all breaches now involving this kind of attack. However, payouts are shrinking, with 69% of victims refusing to pay and the amounts that are paid out are decreasing – the average was $139,875 in the latest report, down from $150,000 the previous year.

Given the increasing use of generative AI across the world, it is unsurprising to see Verizon identify generative AI (GenAI) as having a significant impact on the threat landscape. Threat actors are increasingly using AI to help them at different stages of an attack, the report claims, including to identify targets, gain initial access and in the development of malware and other tools. On average, threat actors researched or used AI assistance in 15 different documented techniques, with some using as many as 40 or 50.

According to Verizon, almost half (45%) of employees are now considered regular users of AI on corporate devices, up from 15% cited in last year’s report. The use of shadow AI – unapproved AI tools that can put company data at risk – is also increasing, with 67% of users accessing non-corporate accounts on their work devices. Shadow AI has become the third most common, non-malicious data leakage-related activity.

“While the velocity of cyber threat – driven by AI and faster vulnerability exploitation – is increasing, the foundational principles of security and strong risk management remain the most effective defence,” said Daniel Lawson, SVP of global solutions at Verizon Business.

From a telecom perspective, mobile-centric (voice or text) ‘click’ rates had a 40% higher success rate than email, with pretexting – where an attacker sends an SMS as part of a ransomware or extortion attempt – becoming a more common part of hackers’ methodology. Phishing rates overall remained flat at 16%.

As to who is behind most attacks, organised crime accounts for the biggest group of threat actors. By this, Verizon doesn’t mean the kind of mob families you’d find in a Martin Scorsese film but businesses or organisations that run their criminal operations in a systematic, repeatable way. Organised crime groups were responsible for 87% of external attacks, followed by state-affiliated groups, which made up the bulk of the remainder.

Perhaps unsurprisingly, financial gain remains the biggest motivation for cybercriminals (at 88%), followed by espionage – though this is significantly smaller.

To carry out the latest edition of its DBIR, Verizon assessed 31,000 security incidents from around the globe, of which 22,000 were data breaches that occurred across 145 countries between November 2024 and October 2025. You can access the whole report here.

- James Pearce, Editor, TelecomTV