Cyber espionage has emerged as a rapidly growing threat to businesses across multiple sectors, according to Verizon’s latest Data Breach Investigations Report (DBIR). The report, now in its 18th edition, analysed over 22,000 security incidents, including 12,195 confirmed breaches.
While financial gain remains the primary motivation for cyberattacks, espionage is becoming an increasingly common driver, accounting for 17% of all breaches.
Manufacturing was hardest hit, with espionage-related breaches soaring sixfold to 20% from just 3% a year earlier. Internal data — sensitive plans, reports, and emails — was the most frequently targeted information. Verizon recorded 3,837 incidents and 1,607 confirmed data disclosures in the manufacturing sector alone.
Healthcare also saw an uptick in espionage-related breaches, rising from 5% to 12%. “The rise of espionage as a motive for attackers in this sector is concerning,” the report noted.
Retail, meanwhile, experienced a dramatic increase, with espionage accounting for 9% of attacks, compared with just 1% in 2023.
“It’s becoming a bit of a show and tell for retailers, and they need to be aware of it,” Verizon warned. In education, espionage made up 18% of breaches, and in finance, 12%.
Speaking at a press event on the day the report launched (23 April) Ali Neil, managing director for advanced solutions at Verizon Business, said espionage was best defined as “the exfiltration of data for the purpose outside of financial means or it could be for financial means. It has the attributes that they are looking for – IP or info that could be used for espionage purposes.”
Asked why espionage was on the rise, Neil said: “We are not sure. But I think maybe threat actors are going into this in more sophisticated ways. Espionage might be combined with financial motivations.
“People are hacking into systems for multiple reasons – not just to steal your money, encrypt your systems or take credit card data. They are going in and taking a lot more and then determining whether it was for espionage or what tactics they will then employ. It’s concerning.”
Ashish Khanna, senior security consulting services leader at Verizon Business, added that modern attackers are becoming more opportunistic: “Attackers do not go after specific companies these days. They will take anything and everything that exists and then decide what is of use to them.”
Espionage-related breaches are increasing across all regions, with APAC highest at 20%, followed by EMEA at 8% and North America at 4%.
Vulnerability exploitation
The report also highlighted a continued rise in vulnerability exploitation, with a 34% surge globally. This follows a massive 180% increase in 2024. Exploitation of vulnerabilities is now second only to credential abuse (22%) as the most common breach vector, narrowly ahead of phishing (16%).
With thousands of critical and high-risk vulnerabilities present in systems at any one time, companies must also consider the importance of the affected assets themselves according to Shubham Mittal, co-founder of RedHunt Labs, which provides attack surface management tools
“If it’s a low-hanging supply chain system that no one is really tracking, it could be a bigger risk than a critical server that’s well monitored,” he noted.
Mittal added that artificial intelligence could increasingly help manage this complexity, allowing firms to quantify risk across multiple variables faster than human teams alone.
Concerns around vulnerability management were temporarily eased earlier in April when the US government agreed to extend funding for the Common Vulnerabilities and Exposures (CVE) programme after fears it would be axed.
Elsewhere, the Verizon report found breaches involving third parties doubled to 30%, and ransomware incidents surged, now involved in 44% of breaches.
Smaller businesses remain most vulnerable to ransomware attacks, with 88% of SME victims opting not to pay, compared with 39% among larger enterprises.
To read more of the latest cybersecurity news, click here.
