Verizon Data Breach Report: What GTM Leaders Need to Know Today

Author

Taylor Wells
June 20, 2025

Unlocking Insights from the 2024 Verizon Data Breach Investigations Report: Key Takeaways from Security Revenue LIVE

This week’s episode of Security Revenue LIVE, hosted by Taylor Wells (CEO and founder of the Cyber GTM Alliance), and joined by joined by Anshuman Sharman, a seasoned member of Verizon’s Threat Research Advisory Center (VTRAC), whose global and hands-on experience offers a grounded perspective on what the latest data means for today’s cybersecurity and GTM leaders.

If you missed the live show, here’s a summary—packed with actionable insights for executives, product leaders, marketers, and service providers building the next wave of cybersecurity solutions.

What Makes the Verizon DBIR Unique

First, let’s clear up what the DBIR is (and isn’t). The Verizon Data Breach Investigations Report is not just another opinion poll or survey-based annual—its findings are grounded in real-world security incident data contributed by 70-80 organizations globally, including law enforcement and cybersecurity agencies. With contributors like Arctic Wolf, Dragos, Sophos, FBI, US Secret Service, Qualys, Tenable, and many more, the DBIR offers an unparalleled snapshot of breach trends worldwide.

The backbone of the report is the VERIS framework—a standardized taxonomy (Vocabulary for Event Recording and Incident Sharing) that enables organizations to categorize breaches by actor, action, asset, and attribute. This consistency is essential for meaningful statistical analysis, trend prediction, and, for GTM leaders, credible thought leadership.

Key Trends—2024’s Breach Landscape in Focus

Sharman highlighted several major trends in this year’s data, many with direct takeaways for product, GTM, and partnership leaders.

  1. Third-Party Breaches Have Doubled

    • The percentage of breaches involving “third parties” (suppliers, partners, vendors) doubled from 15% to 30%. This is not just a compliance concern—third-party risk is now core to your organization’s security posture and product narrative.

    • GTM Insight: Solutions that reduce risk “beyond your four walls” and can demonstrate robust partner security controls have a clear market advantage.

  2. Perimeter Device Vulnerabilities are Rising

    • Exploitation of vulnerabilities in VPN/perimeter devices jumped from 3% to 22% of breaches year-over-year. These are often “zero-day” exploits, highlighting patching and vendor communication gaps.

    • The average time to patch was 32 days—leaving organizations exposed for a critical window. Only half of devices were patched at all.

    • Product/CS Insight: Messaging around patch management, default secure configurations, and continuous monitoring is more relevant than ever.

  3. Credential Abuse and Secrets Management

    • Credentials are at the heart of one in five data breaches (22%), a statistic that stubbornly remains high.

    • Exposed access keys and credentials in public repositories (e.g., GitHub) are now routinely harvested by bots in minutes; remediation lags up to 94 days on average.

    • Development/Provider Insight: Infuse your solutions with features to scan for hardcoded secrets, alert users, and support identity-centric security by default.

  4. Human Factors and Social Engineering

    • The “human element” (errors, social engineering, and misuse) was involved in 60% of breaches—unchanged from last year.

    • Phishing reporting rates, however, have improved, with click rates declining as users mature in awareness, though risks from business email compromise and info-stealer malware persist.

  5. Ransomware Remains Rampant, But Payment Is Down

    • Ransomware’s share of breaches has nearly doubled since 2019, now accounting for 44% of cases.

    • Good news: Fewer organizations (64%) are paying ransoms, with average payment amounts dropping —thanks in part to better backup/resiliency programs and discouragement from insurers and law enforcement.

    • Market positioning: There’s more demand for solutions that support resilience and recovery, not just prevention. Product messaging around “post-breach survival” and “limiting downtime” resonates strongly.

Industry and Sector Insights

  • Small and Medium Businesses (SMB) Are Hit Hardest SMBs are disproportionately affected by ransomware and often lack robust recovery plans.

  • Public Sector and Healthcare Miscellaneous errors and basic web application attacks (credential abuse, misconfiguration) reign. Reporting mandates mean more internal errors get surfaced.

  • Finance and Manufacturing System intrusions, social engineering, and credential abuse are the most common attack patterns.

AI & The Evolving Threat Surface

AI’s double-edged sword was a key theme:

  • Offense: Attackers are using AI for sophisticated phishing, malware mutation, and “info stealer” campaigns. Deepfakes and prompt injection vulnerabilities are emerging threats.

  • Defense: AI is empowering detection, behavioral analysis, and context-aware phishing prevention—but brings concerns around data leakage and “shadow AI” use outside sanctioned controls.

  • Action Item: Organizations must establish (and demonstrate) strong AI governance and “reference architectures” to mitigate internal and external risks from AI adoption.

Actionable Takeaways for GTM and Product Leaders

  • Position Identity and Secrets Management as Core: Emphasize passwordless, MFA, and secrets scanning—credentials are still prime attack vectors.

  • Sell Resilience, Not Just Prevention: Equip and message for post-breach survival, rapid recovery, and minimizing downtime.

  • Prove Trust Across the Supply Chain: Highlight compliance frameworks (SOC 2, ISO 27001), partner trust programs, and proactive incident support in your value proposition.

  • Eliminate Complexity for Customers: Hardening templates, simplified onboarding, and integration with SIEM/XDR/EDR platforms are winning features.

  • Prepare for AI-Enabled Threats: Ensure your tools support safe AI usage—in development and detection—and educate customers on governance.

Conclusion

The DBIR is a goldmine of guidance not only for CISOs, but also for anyone shaping the cybersecurity solutions market. Whether you’re a product owner, a GTM leader, or a customer-facing technical ally, the 2024 data paints a clear picture: adapt your strategy to a world where identities, third parties, and human error drive risk—and where resilience, trust, and simplicity set winners apart.

Want the full report? Search for “Verizon DBIR 2024”—and follow Security Revenue LIVE for more actionable conversations shaping the future of the cybersecurity industry.

Resources & Community

Join our community for more insights and to connect with your cybersecurity GTM peers today: Cyber GTM Alliance

If you found this valuable, please share with your community.

Reply

or to participate.