By Ashwani Mishra, Editor-Technology, 63SATS Cybertech
Verizon Business’ 2025 Data Breach Investigations Report (DBIR) reveals a dramatic spike in cyber intrusions across Asia-Pacific, with system intrusions responsible for 80% of all data breaches in the region—up from just 38% last year.
Based on analysis of over 22,000 security incidents across 139 countries, the findings underscore a troubling trend: external attackers are escalating their campaigns, especially through malware and ransomware, targeting critical infrastructure and third-party suppliers.
Robert Le Busque, Regional Vice President for Verizon Asia Pacific, warns: “These attacks aren’t just growing in number, but in intensity and complexity. The rising incidence of breaches highlights the imperative for businesses to reassess their risk frameworks.”
Malware and Ransomware Dominate: Email Now the Trojan Horse
In APAC, malware played a role in 83% of data breaches this year—a dramatic rise from 58% last year.
Email continues to be the primary delivery method for malware, turning inboxes into battlegrounds. Ransomware, meanwhile, featured in 51% of regional breaches, with threat actors often publicizing their exploits to pressure victims.
Social engineering incidents, by contrast, have declined to 20%, largely because system intrusions have surged. Still, the human element remains a central vulnerability.
Global Alarms: Exploits, Third-Party Breaches, and Human Error
Globally, zero-day vulnerabilities and misconfigured perimeter devices like VPNs remain prime targets. Exploitation of vulnerabilities has increased by 34%, and breaches involving third-party vendors have doubled. Human error and credential misuse continue to play a major role, frequently intersecting with social engineering tactics.
Ransomware continues its global rampage, contributing to 44% of breaches, although the median ransom paid has declined. Still, the cost remains steep, particularly for small and medium-sized businesses.
Sector Snapshot: Espionage Rises in Healthcare and Manufacturing
DBIR 2025 also flags espionage-driven attacks in the Manufacturing and Healthcare sectors. Financial, Retail, and Education institutions remain under persistent threat, while SMBs bear the brunt of ransomware—88% of their breaches involve ransom demands.
Craig Robinson of IDC puts it bluntly: “SMBs often lack the cybersecurity maturity or resources to bounce back. That’s why they’re soft targets.”
Silver Lining: Fewer Victims Paying Ransom
While ransomware prevalence is high, 64% of victim organizations refused to pay, a notable improvement from 50% two years ago. This trend suggests growing resilience and improved response planning.
With malware, ransomware, and third-party exploits on the rise, businesses must move from reactive defense to proactive resilience. The path forward is clear: sharpen cyber strategies, invest in awareness, and fortify digital borders before the next breach strikes.
