The Verizon 2026 Data Breach Investigations Report Is Out

The new Verizon Data Breach Investigations Report has been released, revealing that nearly a third (31%) of data breaches over the past year started with vulnerability exploitation. This is up from 20% in last year’s report. The report looks at the dramatic impact that AI and supply chains are having on businesses.

Ensar Seker, CISO at SOCRadar:

“The latest Verizon DBIR confirms what many defenders have been experiencing operationally over the past year: attackers are increasingly prioritizing speed and scalability. Vulnerability exploitation jumping from 20% to 31% is a major signal that threat actors are moving away from slower intrusion methods and focusing on exposed internet-facing assets, edge devices, third-party software, and unpatched vulnerabilities that can provide immediate access at scale. What is especially concerning is how this trend intersects with supply chain risk and AI-driven operational acceleration. Organizations are no longer defending only their own infrastructure. They are also inheriting the risks of vendors, MSPs, SaaS providers, open-source dependencies, and interconnected ecosystems. 

A single exploited supplier can create downstream compromise opportunities across hundreds or thousands of organizations simultaneously, which dramatically increases attacker ROI. The AI component is equally important. While AI is currently improving productivity for defenders, adversaries are also leveraging automation to accelerate reconnaissance, phishing customization, vulnerability research, and operational decision-making. This lowers the barrier for less sophisticated actors while increasing the speed of mature threat groups. The result is a threat landscape where exploitation cycles are becoming shorter and organizations have less time to detect and respond. One of the biggest lessons from this year’s DBIR is that exposure management is becoming just as critical as traditional detection. 

Organizations need continuous visibility into external attack surfaces, third-party dependencies, exposed credentials, vulnerable assets, and misconfigurations. The companies that reduce attacker dwell time will be the ones that can rapidly identify exploitable exposure before threat actors operationalize it. We are also seeing a growing divide between organizations that treat patching as a periodic IT function versus those treating vulnerability prioritization as an active cyber risk management process tied to real-world exploitation intelligence. Attackers are increasingly targeting the vulnerabilities organizations fail to prioritize correctly, not necessarily the ones with the highest CVSS score.”

Brian Higgins, Security Specialist at Comparitech:

“The DBIR is always a useful publication. The contribution community is quite unique and it’s worth reading how the data is collected and managed if you haven’t already. A study of results and trends etc. should inform a lot of budget allocation and decision making in the coming periods. The major takeaways this year are:

Vulnerability exploitation overtaking credential theft as the highest ranking breach method. This in itself should be a catalyst for some major resource restructuring.

AI is obviously changing the attack landscape but possibly more noteworthy is a reported 45% of employees using unauthorised generative AI allowing data leakage at alarming levels. Clearly some policy and enforcement measures could help here.

Third party/Supply Chain attacks now account for almost half of all reported breaches. Conclusive proof, should anyone still need it, that it’s not enough in today’s digital environment to simply put your own house in order. Your Network is dynamic and its security relies heavily on factors difficult to control. It’s more vital than ever to have a Plan for when things go sideways.”

I really suggest reading this report as it really provides a lot of insight as to what threat actors are up to and where your next threats may come from. That way you can plan your defences accordingly.

UPDATE: Dave Hayes, VP of Product at cybersecurity company FusionAuth, commented:

“Credentials continue to do a lot of damage, they just don’t look like passwords anymore. The Drift Breach wasn’t a traditional password breach, it was a token abuse problem. OAuth tokens are critical to modern apps, but they’re also incredibly powerful. If companies don’t know where tokens exist, what they can access, and when they expire, attackers will happily answer those questions for them.”
