2025 Data Breach Investigations Report

Today’s threat landscape is shifting. Get the latest updates on real-world breaches and help safeguard your organization from cybersecurity attacks.

Key resources

2025 DBIR

Read the complete report for an in-depth, authoritative analysis of the latest cyber threats and data breaches.

Download report

2025 DBIR Executive Summary

Get an overview of the most prevalent attack patterns and industry-specific vulnerabilities to help protect your organization.

View summary

2025 DBIR infographic

Examine top data points from this year's report and learn how you can help strengthen your defenses against cyberattacks.

View infographic

Top takeaways

Explore eye-opening stats and critical findings from this year's report.

infographic_30_dbir_d_596x308.png

of breaches were linked to third-party involvement, twice as much as last year, and 
driven in part by vulnerability exploitation and business interruptions

infographic_34_dbir_d_596x308.png

increase in attackers exploiting vulnerabilities to gain initial access and cause security breaches compared to last year's report

infographic_54_dbir_d_596x308.png

of perimeter-device vulnerabilities were fully remediated by organizations in the past year, while almost half remained unresolved

infographic_44_dbir_d_596x308.png

of all breaches analyzed showed ransomware was present, marking a notable rise from last year’s report

Snapshots

Businesses of all sizes and across all sectors can be vulnerable to threat actors. Gain actionable insights to help protect your business from potential harm.

25cf021b-a00f-4a5c-bb0a-336217e705a4_dbir_bc_d_596x596.jpg

Learn key strategies to help mitigate cybersecurity risks and defend your organization and constituents against threats.

Descargar ahora

SMBs are being targeted nearly four times more than large organizations according to this year’s DBIR. Discover how to help defend your business.

Descargar ahora

Understand how malicious actors can access your company’s most sensitive financial data with little effort.

Descargar ahora

Explore the vulnerabilities that can put sensitive healthcare information at risk, and learn effective strategies to help protect patients and staff.

Descargar ahora

Identify the tactics cybercriminals are using to compromise manufacturing security systems, steal data and disrupt operations.

Descargar ahora

Learn how to help keep payment card data secure and protect your business and customers.

Descargar ahora

Cybersecurity Intelligence Briefings

Help prevent employee lapses and ransomware attacks that can jeopardize your organization’s finances and public image. Dive into the latest briefings and stay a step ahead.

Watch human-error video
Watch ransomware video

Be first to get the latest

Sign up to get the latest cybersecurity updates, reports and more.

Recibe actualizaciones

More reports

2024 DBIR

Learn how to prepare for cybersecurity threats, no matter the size of your organization. Review real-world breaches to help evaluate potential updates to your security plan.

Read 2024 report

2023 DBIR

Read our detailed analysis of 16,000+ global security incidents to help strengthen your cybersecurity awareness.

Read 2023 report

Explore past reports

2022 DBIR2021 DBIR2020 DBIR2019 DBIR2018 DBIR2017 DBIR2016 DBIR2015 DBIRView complete archive

Preguntas frecuentes

The DBIR is the authoritative source of cybersecurity breach information. It’s an annual report analyzing real-world data breaches—how they happen, who’s behind them and how businesses can help stay protected. Using global data, it provides key insights that can help companies stay ahead of cyber threats.

Our data is contributed by a wide range of organizations, including international law enforcement, forensic firms, law firms, cyber insurers, cybersecurity industry sharing groups and of course, our own Verizon Threat Research Advisory Center (VTRAC) caseload. Each year, the DBIR timeline for in-scope incidents is from November 1 of one calendar year through October 31 of the next calendar year. Thus, the incidents described in the 2025 edition took place between November 1, 2023, and October 31, 2024.

Yes! The DBIR goes beyond identifying threats. With the mapping provided to popular frameworks such as the Center for Internet Security Critical Security Controls, it offers a roadmap for what you can do to help combat the attacks you may possibly face. It highlights common attacks and vulnerabilities while providing expert strategies to help mitigate risks, from access controls to employee training.

No security strategy is foolproof, but businesses can help reduce risk by:

  • Using multifactor authentication (MFA) to block unauthorized access
  • Keeping software updated to fix security gaps
  • Training employees to spot phishing and threats
  • Encrypting sensitive data for added protection
  • Testing security defenses regularly
  • Having an incident response plan in place