Verizon

89% of organizations have a specific mobile security budget.

57% of small and medium-sized businesses (SMBs) feel at a disadvantage compared to larger enterprises due to limited resources.

Only 17% of organizations have implemented specific security controls against AI-assisted attacks.

63% of organizations reported major operational disruptions due to downtime after a breach.

85% of organizations reported an increase in mobile device attacks in 2025.

39% of organizations that ran smishing simulations reported that up to half their employees clicked on a malicious link.

93% of organizations reported that their employees use generative AI tools on mobile devices.

75% of organizations increased their mobile security spending in the past year.

34% of organizations expressed concern that AI-powered attacks could significantly increase their risk exposure.

80% of organizations experienced phishing or smishing attempts targeting their staff.

50% of larger enterprises provide comprehensive AI risk training compared to 39% of small and medium-sized businesses.

63% of organizations that experienced a cyber incident reported significant consequences due to downtime, an increase from 47% in 2024.

64% of organizations identified data compromise through generative AI as their top mobile risk.

There was a noticeable decrease in the median ransom amount paid.

Manufacturing has experienced a dramatic, nearly sixfold surge in espionage-motivated breaches, jumping to 20% from just 3% last year.

Retail organisations have weathered a 15% increase in cyber incidents since 2024.

Ransomware is now present in 44% of breaches.

Social Engineering was the second-most common incident pattern in the region, with phishing appearing in 19% of breaches in EMEA.

Ransomware attacks rose by 37% since last year.

64% of victim organisations did not pay ransoms this year, compared to 50% two years ago.

In APAC, only 1% of threats are from internal actors, and North America, where internal threats account for just 5% of breaches.

For organisations without the proper IT and cybersecurity maturity, often SMBs, ransomware is present in 88% of breaches

System intrusion breaches in EMEA surged to 53%, nearly doubling last year’s rate of 27%.

Although EMEA experienced the highest percentage of breaches caused by internal actors, the number of insiders decreased by 41% in 2025.

Within EMEA, 19% of breaches were attributed to unintentional mistakes, and 8% involved misuse.

Third-party involvement in breaches doubled to 30% in this year's report.

There was a 34% surge globally in vulnerability exploitation as an initial attack vector.

In EMEA, nearly a third (29%) of breaches originated from within the organisation.