Verizon data breach report flags SIM swap, web app, e-commerce attack

Cyberattacks on web applications, e-commerce infrastructure, and mobile-connected devices have surged globally, with small businesses disproportionately affected, according to Verizon Business's 2025 Data Breach Investigations Report (DBIR).

The DBIR analysed over 22,000 cybersecurity incidents across 139 countries, including 12,195 confirmed data breaches. The report covers the period from 1 November 2023 to 31 October 2024.

The 2025 edition revealed that system intrusion, basic web application attacks, and social engineering collectively accounted for 97% of breaches in the Asia-Pacific (APAC) region. Notably, 80% of breaches in APAC stemmed from system intrusion alone, up from 38% last year.

Ransomware and Third-Party Risks on the Rise

The report highlighted a concerning rise in malware-related breaches in APAC, which increased from 58% in 2024 to 83%, with ransomware appearing in 51% of all incidents. Email remained the key vector for malware distribution, underscoring vulnerabilities in phishing defence and credential management.

Globally, ransomware was involved in 44% of breaches, marking a 37% rise from the previous year. While the median ransom paid declined to USD 115,000, the financial and operational impact remained acute, especially for small and medium-sized businesses (SMBs). These businesses experienced ransomware in 88% of their breaches, compared to 39% among larger organisations.

“This year’s report reinforces the growing complexity and persistence of cyber threats facing organisations worldwide,” said Robert Le Busque, Regional Vice President, Asia Pacific for Verizon Business. “In the Asia-Pacific region in particular, external actors are targeting critical infrastructure and exploiting third-party vulnerabilities.”

The DBIR also indicates that third-party involvement in breaches during the period doubled to 30%, often through misconfigured or insecure vendor systems. Notable breaches involving platforms such as Snowflake and CDK Global underscored the risk of weak multi-factor authentication (MFA) and exposed credentials. The DBIR found that 54% of ransomware victims had credentials already available in info stealer malware logs.

Mobile Devices and E-Commerce Under Fire

Credential abuse has become a pressing threat, particularly across e-commerce environments and organisations with extensive mobile device usage. The report highlights how bring-your-own-device (BYOD) practices have expanded the attack surface, with 46% of compromised systems containing corporate login data being non-managed personal devices. These endpoints often hosted both personal and business credentials, making them prime targets for infostealer malware.

SIM swapping attacks, which allow cybercriminals to bypass MFA and take control of mobile accounts, have escalated in scope. As businesses increase mobile integration into operations and customer platforms, this attack vector is expected to gain further traction.

Small businesses remain the most exposed, often lacking the resources for a comprehensive security infrastructure or timely vulnerability patching. “Organisations that do not have the proper IT and cybersecurity maturity—often the SMB sized organisations—are paying the price for their size with ransomware being present in 88% of breaches,” said Craig Robinson, Research Vice President, Security Services at IDC.

“While there is no magic pill to alleviate the pain of cybersecurity attacks, Verizon’s leadership in educating the public on attacker motives, tactics, and techniques is a key head start in raising global awareness,” he added.

Industry Spotlight: Who is Being Hit the Hardest?

The DBIR also revealed how evolving cyber threats are impacting different industry sectors. The report indicates that espionage-motivated breaches have risen significantly in the manufacturing and healthcare sectors, where attackers target intellectual property and patient data.

In the education sector, breaches were often the result of credential theft and web application attacks, reflecting vulnerabilities in remote learning platforms and academic portals. Financial services continued to face system intrusion and ransomware threats, exacerbated by supply chain dependencies and complex IT environments.

Retail, particularly e-commerce operations, experienced widespread web application attacks and credential abuse. The combination of high transaction volumes, exposed APIs, and third-party integrations made them prime targets for cybercriminals.

Strengthening Defences in a High-Risk Landscape

The 18th edition of Verizon’s DBIR recommends that organisations revisit their security frameworks, increase MFA adoption, and audit third-party risks during procurement and ongoing operations. The report also advises secure coding practices and enhanced monitoring of cloud-based and mobile platforms to limit credential theft and application abuse.

Besides, the industry-specific findings indicate a clear need for sector-specific cybersecurity frameworks and threat mitigation strategies beyond general best practices. The findings present a clear call to action, particularly for smaller firms seeking to survive in a digitally connected world fraught with increasing threats. Proactive risk management, threat awareness, and cyber insurance are quickly becoming non-negotiable for maintaining business continuity.