Verizon researchers discovered that exploited flaws have been the foundation reason for breaches in 31% of circumstances, with credential abuse blamed for 13% of security failures. In a nod to patch administration difficulties within the enterprise, just one in 4 (26%) crucial vulnerabilities have been absolutely remediated in 2025 with the median patch time rising to 43 days, up from 32 days the 12 months prior, based on Verizon’s DBIR.
Root trigger evaluation
Verizon’s research relies on an evaluation of 31,000 security incidents — of which 22,000 have been confirmed data breaches — involving victims spanning 145 international locations.
Incident response specialists quizzed by CSO confirmed the rise in vulnerability exploitation as a method for breaking into enterprises is actual.
“Attackers observe the trail of least effort at scale, and proper now that path runs by unpatched perimeter and edge gadgets, the place a working exploit wants no prior entry, no phished person, and no breach information to purchase,” notes Daniel Bechenea, security supervisor at offensive security and vulnerability evaluation platform Pentest-Instruments.com.
