Vulnerability exploitation has surpassed compromised credentials as the primary method for data breaches, according to the latest Verizon Data Breach Investigations Report analyzing global cybersecurity incident trends.

Key Points

• Vulnerability exploitation accounted for 31% of all data breaches, rising from 20% in the previous year.
• Organizations remediated only 26% of critical vulnerabilities listed in the CISA Known Exploited Vulnerabilities catalog.
• Supply chain-related breaches surged by 60% annually, now representing 48% of all recorded data breaches.
• Approximately 45% of employees now use managed or unmanaged AI tools on corporate devices, increasing shadow AI risks.
• Mobile-based social engineering attacks, such as voice and text phishing, saw a 40% higher success rate than traditional email phishing.

Why it Matters

The shift toward vulnerability exploitation highlights a critical failure in patch management as organizations struggle to keep pace with an increasing volume of security flaws. This trend forces businesses to rethink their defense strategies, as reliance on manual remediation is no longer sufficient to mitigate risks from automated threats and supply chain vulnerabilities.