(TLP:CLEAR) Verizon’s 2026 Data Breach Investigations Report (DBIR)
Created: Thursday, May 21, 2026 - 15:07
Categories: Cybersecurity, Security Preparedness
Summary: Verizon released the 19th edition of one of the most sought-after annual reports – the Data Breach Investigations Report (DBIR) – which catalogs and analyzes the past year’s trends in cyber crime and provides a comprehensive view of the global threat landscape. Covering incidents and breaches between November 1, 2024, and October 31, 2025, this year’s 109-page report analyzes more than 31,000 real-world security incidents, including 22,000 confirmed data breaches across 145 countries.
Analyst Note: This year’s DBIR highlights several trends relevant to water and wastewater utilities, particularly around vulnerability exploitation, ransomware, third-party risk, and evolving social engineering tactics. Some significant findings include:
- Exploitation of vulnerabilities overtook credential abuse as the leading initial access vector for breaches, accounting for 31% of incidents, up from 20% last year. The report notes that organizations are struggling to keep pace with remediation efforts, as only 26% of CISA Known Exploited Vulnerabilities (KEVs) were fully remediated in 2025. This trend reinforces the importance of timely patching, asset visibility, and minimizing exposure of internet-facing systems.
- Ransomware continued to grow and was present in 48% of all breaches, up from 44% last year. The median ransom payout decreased, and 69% of victims declined to pay. Ransomware remains one of the most disruptive threats observed across critical infrastructure and continues to drive operational impacts and downtime.
- Third-party involvement in breaches increased significantly, rising 60% year-over-year and accounting for 48% of breaches. The report also found that many organizations continue to struggle with remediating improperly secured cloud accounts, weak passwords, and MFA-related issues within vendor and third-party environments. Utilities increasingly reliant on managed service providers, cloud platforms, and other third-party vendors may face elevated exposure through trusted external relationships.
- The DBIR also highlights the growing role of AI-assisted activity throughout the attack lifecycle, including vulnerability research, malware development, phishing, and initial access operations. Verizon noted threat actors are increasingly leveraging generative AI to accelerate and scale existing attack techniques rather than develop entirely new methods, potentially reducing defender response windows from months to hours in some cases.
Members are encouraged to review this seminal report and share the findings and insights within their organization to strengthen cybersecurity posture. The DBIR also makes a great resource for security awareness and education training topics.
Original Source: https://www.verizon.com/business/resources/reports/dbir/
Additional Reading:
- What the Verizon DBIR tells us about how breaches happen in 2026
- Verizon DBIR finds vulnerability exploitation overtakes stolen credentials as top breach entry point for critical infrastructure
Related WaterISAC PIRs: 6, 7, 8, 10, 11, 12
