The Verizon Business 2025 Data Breach Investigations Report (DBIR) has highlighted a surge of system intrusions across the Asia-Pacific region (APAC). The report revealed that four of five data breaches in the region stemmed from such attacks - up from 38% the previous year.
The 18th report analysed more than 22,000 security incidents, including 12,195 confirmed data breaches spanning 139 countries. Malware increased from 58% last year in APAC to 83% this year, with ransomware accounting for 51% of breaches.
"This year’s report reinforces the growing complexity and persistence of cyberthreats facing organisations worldwide. In the Asia-Pacific region in particular, external actors are targeting critical infrastructure and exploiting third-party vulnerabilities. The rising incidence of breaches highlights the imperative for businesses to reassess their risk frameworks," said Robert Le Busque, Regional VP, Asia Pacific for Verizon Business.
Research highlights for APAC included:
● The absolute number of social engineering breaches has been on the decline since 2021. This category accounts for 20% of breaches in 2025 due, in part, to the sharp increase of system intrusion.
● Malware in data breaches jumped significantly, from 58% last year to 83% this year. Email was the key vector for distributing various types of malware.
● Ransomware now accounts for 51% of the total breaches in this region and remains highly visible as threat actors often publicise breaches.
Globally:
● Exploitation of vulnerabilities: This initial attack vector saw a 34% increase, with a significant focus on zero-day exploits targeting perimeter devices and VPNs.
● Ransomware attacks rose by 37% since last year, and are now present in 44% of breaches, despite a noticeable decrease in the median ransom amount paid.
The report also highlighted the disproportionate impact of ransomware
on small and medium-sized businesses (SMBs). In larger
organisations, ransomware was responsible for 39% of breaches, whereas a significantly larger proportion of breaches at
SMBs were ransomware-related. The
median ransom payment to cybercriminals last year, US$115,000, would be a great deal for
many SMBs to shoulder.
● The percentage of breaches involving third parties doubled, highlighting the risks associated with supply chain and partner ecosystems.
● Human involvement in breaches also remained high, with a significant overlap between social engineering and credential abuse.
 |
| Source: 2025 DBIR. Top patterns over time in APAC breaches. |
The 2025 DBIR also shed light on industry-specific trends, revealing a rise in espionage-motivated attacks in the manufacturing and healthcare sectors, as well as persistent threats to the education, financial, and retail industries.
By adopting a proactive and comprehensive approach to cybersecurity, businesses can help safeguard their assets, protect their customers, and ensure their long-term success in an increasingly digital world, Verizon Business said. “This year’s DBIR findings reflect a mixed bag of results. Glass-half-full types can celebrate the rise in the number of victim organisations that did not pay ransoms with 64% not paying vs 50% two years ago.
"The glass-half empty personas will see in the DBIR that organisations that don’t have the proper IT and cybersecurity maturity – often the SMB-sized organisations, are paying the price for their size with ransomware being present in 88% of breaches,” said Craig Robinson, Research VP, Security Services at IDC.
“While there is no magic pill to swallow that will alleviate the pain of cybersecurity attacks, Verizon’s leadership in educating the public on the types of attacker motives, tactics and techniques is a key head start in raising global awareness and cyber readiness.”
No comments:
Post a Comment