Verizon Business has released its 2025 Data Breach Investigations Report (DBIR), showing a big rise in system attacks across the Asia-Pacific (APAC) region. According to the report, four out of five data breaches in APAC were caused by system intrusions — a major jump from 38% the previous year.
This is the 18th year of the DBIR, which studied more than 22,000 security incidents, including 12,195 confirmed data breaches across 139 countries. In the Asia-Pacific region, malware use grew sharply, from 58% last year to 83% this year, with ransomware now making up 51% of all breaches.
“This report shows that cyber threats are becoming more complex and harder to stop, especially in the Asia-Pacific region,” said Robert Le Busque, Regional Vice President, Asia Pacific for Verizon Business. “External attackers are now targeting important infrastructure and exploiting weaknesses in third-party systems. Companies must rethink their cybersecurity plans to handle this growing risk.”
Key Findings for APAC:
- Social Engineering: The number of breaches from social engineering (tricking people into giving up information) has dropped since 2021. In 2025, it accounts for only 20% of breaches, partly because system intrusions have increased.
- Malware: Malware-related breaches rose sharply, with email being the main way malware is spread.
- Ransomware: Ransomware is now behind 51% of breaches in the region and often makes headlines when attackers make breaches public.
Key Global Highlights:
- Exploiting Vulnerabilities: Attacks that start by exploiting security holes grew by 34%, especially targeting VPNs and other entry points.
- Ransomware: Worldwide, ransomware attacks rose by 37%, now involved in 44% of breaches. However, the average ransom amount paid has gone down.
- Third-Party Risks: Breaches involving third parties doubled, showing the growing risks in supply chains and partnerships.
- Human Error: People still play a big part in breaches, especially through social engineering and stolen credentials.
The verizon report also found that certain industries are facing bigger threats. Manufacturing and Healthcare sectors saw more espionage-related attacks. Meanwhile, the Education, Financial, and Retail sectors continue to face serious cyber threats. Small and medium-sized businesses (SMBs) have been hit especially hard by ransomware.
Verizon’s 2025 DBIR stresses the need for businesses to take cybersecurity more seriously. With the median ransom payment last year at around $115,000, many SMBs are struggling to handle these attacks. Companies must be proactive to better protect their systems, customers, and future growth.
“This year’s DBIR has both good and bad news,” said Craig Robinson, Research Vice President at IDC. “On the positive side, 64% of organizations refused to pay ransoms, compared to only 50% two years ago. But smaller companies, which often don’t have strong cybersecurity systems, are suffering the most, with ransomware involved in 88% of their breaches. There’s no quick fix, but Verizon’s efforts to spread awareness about cyberattack methods are a strong step toward improving global cybersecurity.”
Also Read: Shopify Faces Revived Data Privacy Lawsuit in U.S. Appeals Court