New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most

New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most

New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most

Image: ภัทรชัย รัตนชัยวงค์/Adobe

Verizon’s 2026 DBIR shows vulnerability exploitation, AI-enabled attacks, third-party risk, and ransomware are reshaping cyber threats.

Écrit par
Ken Underhill
Ken Underhill
May 21, 2026

The 2026 Verizon Data Breach Investigations Report (DBIR) paints a clearer picture of today’s cybersecurity landscape: attackers are moving faster, artificial intelligence is accelerating cybercrime, and organizations continue to struggle with foundational security practices.

Key takeaways from the 2026 Verizon DBIR report

According to the report:

  • Vulnerability exploitation (31%) overtook credential abuse (13%) as the top initial access vector in the 2026 Verizon DBIR.
  • AI-driven cyberattacks are accelerating, with threat actors using GenAI for phishing, reconnaissance, and malware development.
  • Humans accounted for 62% of breaches, underscoring the importance of security awareness and human-centered security strategies.
  • Third-party breaches surged to 48% of incidents, highlighting growing risks in the software supply chain and among vendors.
  • Ransomware remained one of the most dominant threats, impacting 96% of small and midsize businesses (SMBs).

Based on an analysis of more than 31,000 security incidents and over 22,000 confirmed data breaches across 145 countries, the report highlights that vulnerability exploitation, third-party risk, ransomware, and human error remain the dominant drivers of compromise.

“With vulnerability exploitation now the leading initial access vector and RMM abuse up 240% year-over-year, attackers have perfected operating within the tools and infrastructure organizations already trust,” said Will Baxter, Head of Product at Team Cymru, in an email to eSecurityPlanet.

John Watters, chairman and CEO at iCOUNTER, added, “The DBIR’s finding that third-party involvement reached 48% of breaches this year, following a 60% year-over-year increase, should fundamentally change how organizations think about cyber risk and systemic exposure.”

Vulnerability exploitation overtakes credential abuse

One of the most important findings in this year’s DBIR is that the exploitation of vulnerabilities has officially overtaken credential abuse as the leading initial access vector.

According to Verizon, exploitation of vulnerabilities now accounts for 31% of initial access methods, while credential abuse has dropped to 13%. This shift reflects the growing number of exposed internet-facing systems and the increasing use of AI by threat actors to accelerate attacks.

The report also highlights a widening remediation gap. Only 26% of critical vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog were fully remediated in 2025, and the median remediation time increased from 32 days to 43 days.

Threat actors are exploiting vulnerabilities faster than organizations can remediate them, creating a growing imbalance between attackers and defenders.

Advertisement

AI is accelerating cybercrime

Artificial intelligence is another major theme throughout the report.

Verizon notes that cybercriminals are using generative AI (GenAI) to automate reconnaissance, generate phishing content, conduct vulnerability research, and even assist in malware development. The report warns of the rise of autonomous adversaries, where AI-driven attacks become faster, more scalable, and more adaptive.

The rise of shadow AI and insider risk

AI is not only creating external threats but also introducing new insider risks.

The DBIR also examined the rise of shadow AI, which refers to employees using unauthorized AI tools and non-approved accounts on corporate systems.

Verizon found that 67% of users accessed AI services through non-corporate accounts on company devices, while 45% of employees are now regular AI (approved or not) users on corporate systems, up from just 15% the previous year.

Employees were found uploading source code, technical documents, and other sensitive data into external AI platforms, increasing the risk of data leakage and intellectual property exposure.

Human error remains a major security challenge

Despite the growing role of AI in cyberattacks, Verizon found that human involvement still contributed to 62% of breaches in 2025.

Social engineering attacks continue evolving toward voice phishing, mobile-centric attacks, and real-time impersonation tactics that leverage AI. The report bluntly reminds readers that people are not computers and stresses the importance of designing security programs around real human behavior rather than unrealistic expectations.

Must-read security coverage

Advertisement

Third-party risk continues to grow

Third-party risk also emerged as one of the fastest-growing concerns in the report.

Verizon found that 48% of breaches involved a third party, up from 30% the previous year. Organizations increasingly rely on interconnected vendors, cloud providers, SaaS platforms, and APIs, in which a single compromise can affect multiple organizations simultaneously.

Several major breaches analyzed in the report involved attackers compromising multiple third-party providers during the same campaign.

Ransomware still dominates the threat landscape

Ransomware continues to dominate the threat landscape.

According to the DBIR, ransomware was present in 48% of all breaches analyzed in 2025. Small and midsize businesses (SMBs) remain especially vulnerable, accounting for approximately 96% of ransomware victims for which organization size was known.

Verizon notes that many ransomware campaigns are opportunistic, targeting organizations with stolen credentials, unpatched vulnerabilities, or limited security resources.

DDoS attacks are increasing in scale

The report also highlights the rapid growth of distributed denial-of-service (DDoS) attacks. Verizon observed that the largest DDoS attacks increased by 198% in bits per second and 156% in packets per second.

Finance, professional services, and manufacturing sectors remained the most heavily targeted industries.

Cybersecurity fundamentals still matter most

Perhaps the most important takeaway from the DBIR is that cybersecurity fundamentals still matter. Attackers are increasingly leveraging AI and automation to scale cyberattacks faster than ever.

Despite these evolving threats, Verizon’s report emphasizes the continued importance of asset visibility, multifactor authentication (MFA), patch management, security awareness training, third-party risk, and incident response readiness.

Editor’s note: This article originally appeared on our sister publication, eSecurityPlanet.

Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and technology leader with more than 25 years of experience in IT, cybersecurity, and risk management. His career spans network administration, incident response, penetration testing, and entrepreneurship, giving him firsthand experience helping organizations reduce risk and ensure compliance. Ken is also a former nurse and combat medic and he uses this background to break down complex cybersecurity topics into digestible content for a broad, global audience. A multi-exit cybersecurity founder, Ken has spent decades helping organizations strengthen their security posture, manage risk, and navigate complex technology challenges. His expertise includes overall cybersecurity strategy, cloud security, incident response, risk management, security awareness, and emerging threats affecting businesses. Ken is also an advisor to multiple startups on AI security and risk. In addition to his hands-on industry experience, Ken is a cybersecurity newsletter writer for TechnologyAdvice, where he covers cybersecurity news/trends and actionable best practices for business and IT professionals. Ken is also an educator with over 2 million people going through his courses over the years. He has won the Global Cybersecurity 40 under 40 (2x winner), the Cyber Champion award from Women's Society of Cyberjutsu, and the 2019 SC Media award for Outstanding Educator. Ken is also a volunteer with organizations like Minorities in Cybersecurity, Black Girls Hack, and the Whole Cyber Human Initiative, which helps veterans transition into security careers. Ken holds a Master of Science in Cybersecurity and Information Assurance from Western Governors University and a Bachelor of Science in Information Systems, with a major in Cybersecurity Management, from Strayer University. His certifications include the Certificate of Cloud Security Knowledge (CCSK), Certified Ethical Hacker (CEH), and Computer Hacking Forensic Investigator (CHFI) and he is a former adjunct professor of Digital Forensics. Ken also had a streaming cybersecurity television show from 2020-2022 that reached over 200K monthly viewers around the world. His work and expertise have been featured in Forbes, Reader's Digest, Medium, TechRepublic, Fox, NBC, CBS, Dark Reading, MSN Money, and other leading publications and media outlets, making him a trusted voice on cybersecurity, election security, and privacy.