
Great news: Verizon has released its 2025 Data Breach Investigations Report (DBIR). And just like the previous 17 iterations, this year’s report is jam-packed with valuable cybersecurity insights.
What sort of security breaches are most common? What’s creating vulnerabilities? And which specific areas are threat actors exploiting? Verizon analyzed 22,052 security incidents (across 139 countries) to answer those questions.
For Intelisys Sales Partners, the DBIR is an invaluable resource. Not only does it show you which security concerns are most pressing for your customers, but it also gives you talking points for discovery conversations.
Below, we’ll highlight the most meaningful findings from the 2025 DBIR – and explain how these insights can help you deliver for customers.
The DBIR as a Sales Tool
As Derek Boxdell, Verizon’s Senior Director of Cybersecurity Sales, explains, the DBIR:
“isn’t just data; it’s a sales tool. The single most important insight to convey to customers is that cybersecurity is now a business risk conversation, not a technical one. Partners who lead with risk, who help customers understand their exposure, what it could cost, and how they can quantify the value of protection stand out.”
“Verizon’s solutions like MxDR, Identity & Access Management, and risk quantification services are built to answer the real questions boards and CFOs are asking: Are we doing enough? Is it working? And how do we know? Use the DBIR briefing as an opening to elevate the conversation… then follow with a solution that directly maps to risk reduction and outcome delivery.”
2025 DBIR – Three Key Findings
The 2025 DBIR offers 115 pages of data, from general trends to regional and industry-specific insights. Should you look at all of it? Honestly, it wouldn’t hurt – but for now, we’ve pulled out 3 key takeaways that will definitely enhance your conversations with customers.
#1 – More “Third Parties” Are Involved in Breaches
For years, the percentage of security breaches involving “third parties” has been increasing – and in 2024, it reached an astonishing 30%. This figure is twice as high as it was the previous year, when third parties were involved in just 15% of breaches.
This danger is commonly referred to as “vendor risk.” Vulnerable third parties can include:
- SaaS applications that host company data
- Private Cloud and Public Cloud services that host company servers and data
- MSPs that provide support services and have access to company data
Among the data breaches with third-party involvement, 81% involved “system intrusion,” and several notable incidents involved credential reuse in a third-party environment.
In light of these statistics, Intelisys Sales Partners should remind organizations that, when they partner with a third party, they have to consider the third party’s security limitations. It isn’t always easy. As Verizon states in the DBIR, “Managing credentials will be harder in an environment you don’t control.” But with the right strategy, you can limit the risk.
Here’s a three-pronged approach for addressing third-party vulnerabilities:
- Risk assessment. Identify the critical third parties an organization might invite into its enterprise environment. Then, determine (a) how much of a risk they pose and (b) how much risk the organization is willing to accept. If the third party uses security measures like mandatory multifactor authentication (MFA), it lowers the risk of a breach.
- Contractual accountability. Third parties should be held responsible when they create undue risks in enterprise environments.
- Independent security assessments. It’s better to partner with third parties that maintain a cybersecurity certification like SOC 2 Type 2 or ISO 27000, and that conduct their own penetration testing (and share the results with customers).
Ultimately, what happens on other people’s watch is always difficult to control – but organizations can reduce risk by taking the steps above.
#2 – The Use of AI Is Producing Vulnerabilities
Data from the 2025 DBIR points to a significant emerging threat: corporate-sensitive data leakage through generative AI programs.
According to the report, 15% of employees regularly access generative AI on their corporate devices. Of those employees, 72% accessed the AI platforms through non-corporate email accounts, and 17% used corporate emails but without integrated authentication systems (like SAML – “Security Assertion Markup Language”). This is referred to as Shadow AI, a subcategory of Shadow IT. (For more information, see our Shadow AI training.)
These statistics reveal a dangerous situation. Lots of employees are using AI, but not in accordance with sound cybersecurity practices or within the confines of established corporate AI policies. This is especially dangerous given the nature of the typical AI use case, which often involves uploading confidential data for the sake of completing a task.
Intelisys Sales Partners can help customers mitigate risk by guiding them through the process of mindful AI implementation.
Here are 3 steps all organizations should take as we head full-steam into the AI era:
- Create an AI policy. This policy should answer three essential questions for employees: (a) What AI tools are we allowed to use? (b) What data can I upload into those AI tools? (c) If I accidentally use sensitive data with an AI tool, how do I report it?
- Increase IT visibility. The more an organization can see into users’ tech activity, the better it will be at spotting unauthorized AI usage (a.k.a. “shadow AI”).
- Implement an AI-enhanced Security Operations Center (SOC). Bad actors are already using AI to launch attacks; it’s time for organizations to fight fire with fire, leveraging AI to bolster their defenses.
Employees are outpacing their employers in the rush to adopt AI. To maintain data security, organizations need to catch up.
#3 – Increased Exploitation of Edge Devices and VPNs
Every year, the DBIR tracks “initial access vectors” to see where data breaches begin. In 2024, 20% of non-error, non-misuse breaches stemmed from the “exploitation of vulnerabilities” (as opposed to other causes like phishing attacks or credential abuse). And among those “exploitation of vulnerabilities” breaches, 22% stemmed from targeted attacks on edge devices and virtual private networks (VPNs) – up from just 3% the year before.
In other words, edge devices and VPNs are becoming an increasingly common initial access vector.
According to the 2025 DBIR, “both ransomware operators and espionage-motivated threat actors” are launching these types of attacks “with great success.” The good news is that organizations are recognizing the danger, with the 2025 DBIR finding that 54% of edge device vulnerabilities had been fully remediated in the previous year.
Intelisys Sales Partners should recognize that patching edge device vulnerabilities has become a major priority for organizations, and adjust the discovery process accordingly.
For example, in the area of SD-WAN, Sales Partners often assume an organization’s main concern is network optimization – but, given the current threat environment, security may actually be the main priority. That means Sales Partners should consider leading with security when discussing SD-WAN.
How Sales Partners Can Leverage the DBIR
As an Intelisys Sales Partner, your goal is to act as a trusted advisor to your customers. The 2025 DBIR gives you an in-depth understanding of the current cybersecurity environment, allowing you to maintain “expert status” and guide customers towards the right IT solutions. It’s also a well-known resource that customers trust, giving you common ground for security conversations.
Armed with insights from the 2025 DBIR, you can help customers:
- Avoid third-party involvement in data breaches
- Create a sound AI policy
- Patch edge device vulnerabilities
During the process, you’ll encounter countless cross-selling opportunities while cementing your status as a trusted advisor in the cybersecurity space.
Next Steps (and Additional Resources)
Now you know what’s new in the world of cybersecurity. What’s next?
Start by identifying customers or prospects who would be especially interested in the key findings from the 2025 DBIR. Then, reach out with pointed questions related to the specific vulnerabilities highlighted in the report.
And be sure to leverage the additional resources at your disposal. Download the complete 2025 DBIR, access the customer conversation guides on Intelisys University, and schedule a DBIR briefing with an Intelisys Solutions Engineer.