
The latest Verizon 2025 Data Breach Investigations Report reveals a clear trend. Incidents involving third parties (a newly tracked metric) rose by 100% since the last edition, doubling from 15% to 30% in only a year’s time.
AI-generated scam emails have also doubled, and ransomware is now found in 44% of all cybersecurity attacks across the board, as well as in nearly all (88%) of SMB attacks.
As threat actors continue to push the bounds of what’s possible by leveraging bigger tools and attacking smaller entities, the message should be clear. Weak supply chain links are the target, ransomware is coming for them, and AI is increasingly the weapon of choice across the board.
Nearly 1 in 3 Attacks Are Third Party-Related
As noted above, incidents involving third parties shot up from 15% in 2023 to 30% this last year. The exploitation of software vulnerabilities was included in this lineup, because it is ultimately third parties that make the software.
System Intrusion (things like ransomware, phishing, credential theft, and exploited vulnerabilities) accounted for 81% of third-party attacks. Next in line, a distant second, were Social Engineering and Basic Web Application Attacks at 5% each. The report also cited “notable incidents this year involving credential reuse in a third-party environment.” In these cases, the median time to completely remediate leaked secrets in a GitHub repository was 94 days.
While the entity at the top of the supply chain increasingly bears the legal responsibility for third-party security liability across the board (at least according to most compliance standards in effect), the message to third parties should be clear. As externally contracted entities are increasingly seen as a flight hazard, a strong cybersecurity posture is going to be a major competitive factor going forward. Nothing says “pick me” like a clean bill of health.
Twice As Many AI-Crafted Emails
Verizon reports that the number of AI-generated emails has doubled over the past two years, and that there is “evidence of its use by threat actors as reported by the AI platforms themselves.”
According to recent research, AI does at least as well as humans in convincing users to click, attaining a 60% success rate overall (comparable to human-generated content). At the rate at which learning models learn, it’s very likely that they will only get better, and probably soon.
Of even more concern is the number of employees that access generative AI on work machines — currently 15%. Corporate data copied and pasted into the models — say when an employee wants to “summarize this 117-page report” — is immediately absorbed and available to access by anyone asking the right questions.
The fact that most were using a non-corporate email address shows some level of propriety, though it could also reflect the fact that the use of GenAI was outside of company policy. An additional 17% used their workplace emails but without an integrated authentication system in place. This also seems to suggest a desire for anonymity, as an error made in the model — perhaps one with negative consequences to the business — could potentially be traced back.
Ransomware and SMBs
Why the little guys? Because if attackers play it just right, they can get an incredible amount of bang for their buck. The DBIR notes the “calamitous fiasco” that was the 2024 National Public Data breach. The company, staffed by only a “handful” of employees, handled millions of records used for background checks and was the target of an attack exposing 2.9 million of those records (including addresses and SSNs) on the dark web.
Ransomware operators favor small businesses, as nearly nine in ten (88%) of all attacks targeting SMBs are infused with the note-dropping payloads. This is compared to a 39% presence in ransomware attacks generally. Thankfully, the median ransom amount paid by entities of any size went down considerably, dropping to “only” $115,000 (from $150,000 last year).
It can be hard for smaller organizations to defend their environments, especially in the cloud (where 63% of SMB workloads are now predicted to reside). Having achieved AWS Small and Medium Business (SMB) Competency status, Fortra is specially qualified to help SMBs securely manage their cloud applications.
Other Highlights from the Verizon 2025 DBIR
Additional significant stats reported in the Verizon 2025 DBIR include:
The human element remains a feature in 60% of attacks (same as last year).
Exploited vulnerabilities are a part of 1 in 5 attacks (up by 20%).
Stolen credentials account for 32% of all attacks.
Manufacturing was the hardest-hit industry by ransomware (17%), followed by Professionals (15%) and Healthcare (7%).
And the assets that receive the most threat actor attention in an attack? Web applications (43%) and Email servers (38%), largely because they are in the line of fire for both credential abuse and exploited vulnerabilities.
Time to Adjust Our Sights?
While there are concerning indicators across the board, the doubling trends of AI-infused emails and third-party threats speak loudly. The fact that ransomware so prominently targets SMBs (many of which are downstream partners of the “big guys”) speaks volumes, too.
As more enterprises continue to bulk up with increasingly sophisticated cybersecurity tooling, attackers look for weak points in the defenses to make their moves. All too often, those poorly defended areas are our front-line employees and moderately guarded third-party partners (especially the ones that provide software, an incredibly efficient vehicle in itself). As we guard the doors, threat actors get better at trying the windows. The challenge for this coming year will largely be whether we can get to them fast enough.
Fortra helps organizations break the attack chain. Solutions like Fortra Security Awareness Training, Fortra Cloud Email Protection, and Fortra Ransomware Defense can improve security outcomes and future-proof businesses against today’s latest attacks.