A duo of senior figures from Verizon Business’ international operation pointed to an increase in enterprise breaches stemming from third party ecosystems and suppliers, as it revealed the results of its annual security study.
In the analysis of more than 22,000 security incidents across the globe for its 2025 Data Breach Investigations Report, it found issues relating to third party systems doubling year-on-year to 30 per cent of incidents.
These suppliers, which include anyone from accountants to tech partner ecosystems, were described as among security weak points for enterprises by Ashish Khanna, senior MD global security solutions at Verizon Business.
Discussing the results of the study at a London media event, alongside his advice for enterprises when dealing with third parties, Khanna recommended “proper network separation and control, and making sure as you’re looking at credentials and their password management”.
He highlighted a need for policies giving “proper control over what they influence and what you influence”.
“As you move into their platforms the credentials and user management becomes more difficult,” the expert cautioned.
Other general action areas for enterprises cited by Khanna were preventing credential abuse by ensuring dormant user accounts are shut down, “proper access control management,” and continuous vulnerability programme management.
Threats
In the report, Verizon noted there had been a 34 per cent increase in vulnerability exploitation globally since figures published in its report released in 2024. In its last study the number was up 180 per cent on the 2023 version.
“We saw a significant increase in vulnerabilities,” Alistair Neil, MD advanced solutions international at Verizon Business said, adding this now accounted for 20 per cent of all breaches.
Ransomware, he noted, was an area “that just keeps on growing” with attacks up 37 per cent on the previous report and this element now present in 44 per cent of breaches.
Its latest batch of information, which is collated from enterprises and other sources, pinned the median average amount paid in ransoms at $115,000, down from $150,000 in its report released in 2024.
Neil added 64 per cent of companies within its latest dataset did not pay the criminals at all.
Despite the dip in the average sum being paid, he indicated the figure was skewed slightly by the number of smaller businesses hit, with payments made by larger enterprises tending to be on a bigger scale.
In EMEA, Verizon’s report pointed to a trend of almost a third of breaches originating from within an organisation, with 19 per cent down to “unintentional mistakes” and 8 per cent involving misuse such as unauthorised use of data against company policy.
These trends, the company noted, indicated a “critical” need for companies to strengthen internal cybersecurity.