Report by Verizon
2025 Data Breach Investigations Report
Key Findings
There was a noticeable decrease in the median ransom amount paid.
Manufacturing has experienced a dramatic, nearly sixfold surge in espionage-motivated breaches, jumping to 20% from just 3% last year.
Retail organisations have weathered a 15% increase in cyber incidents since 2024.
Ransomware is now present in 44% of breaches.
Social engineering was the second-most common incident pattern in EMEA, with phishing appearing in 19% of breaches in the region.
Ransomware attacks rose by 37% since last year.
64% of victim organisations did not pay ransoms this year, compared to 50% two years ago.
In APAC, only 1% of threats are from internal actors; in North America, internal threats account for just 5% of breaches.
For organisations without the proper IT and cybersecurity maturity, often SMBs, ransomware is present in 88% of breaches.
System intrusion breaches in EMEA surged to 53%, nearly doubling last year’s rate of 27%.
Although EMEA experienced the highest percentage of breaches caused by internal actors, the number of insiders decreased by 41% in 2025.
Within EMEA, 19% of breaches were attributed to unintentional mistakes, and 8% involved misuse.
Third-party involvement in breaches doubled to 30% in this year's report.
There was a 34% surge globally in vulnerability exploitation as an initial attack vector.
In EMEA, nearly a third (29%) of breaches originated from within the organisation.