The latest Verizon Data Breach Investigations Report (DBIR) for 2026 reveals a significant shift in data breach trends. In 2025, vulnerability exploitation emerged as the primary method for data breaches, surpassing credential theft, which previously led the list.
Key Findings from the Verizon 2026 DBIR
The report analyzed a total of 31,000 security incidents, with over 22,000 confirmed breaches—an alarming increase from the 12,195 breaches reported the previous year. Notably, 31% of these breaches were due to unpatched vulnerabilities, while credential abuse accounted for 13%.
Verizon’s findings highlight the growing use of artificial intelligence (AI) by cybercriminals to rapidly exploit vulnerabilities. This has drastically reduced the time defenders have to respond, from months to mere hours, posing a significant challenge for security teams.
Challenges in Patching and Remediation
Organizations continue to face hurdles in effectively patching vulnerabilities. The median time required for full patching rose to 43 days in 2025, compared to 32 days in 2024. Moreover, only 26% of security flaws listed in CISA’s Known Exploited Vulnerabilities catalog were patched, a decline from 38% the previous year.
The report also notes a 50% increase in the median number of critical flaws requiring patching, underscoring the urgency for improved vulnerability management practices.
Increasing Threats from Ransomware and Third-Party Involvement
Ransomware played a role in 48% of confirmed breaches in 2025, up from 44% in the prior year. Despite this, ransom payments saw a decline, with the median payment falling below $140,000. Only 31% of ransomware victims opted to pay the ransom.
The report also highlights a 60% rise in breaches involving third-party software and services, with such incidents accounting for 48% of the total breaches. This increase underscores the growing risk that third-party dependencies pose.
Emerging Trends in Cybersecurity
Threat actors are increasingly relying on generative AI for various cyberattack phases, including targeting, initial access, and malware development. The report found that the median threat actor used AI assistance in 15 different techniques, with some employing it in up to 50 techniques.
Additionally, the unauthorized use of generative AI, or ‘Shadow AI,’ remains a concern, as 67% of employees access AI services from corporate devices using personal accounts. The report indicates that 45% of employees are now regular AI users, up from 15% last year.
Verizon’s report underscores the need for proactive vulnerability management, focusing on identifying and addressing flaws during development stages. As generative AI continues to evolve, its impact on cybersecurity strategies will be significant.
