Patch Gaps, Pretexting, and AI Use for Crimes and Crimefighting: 2026 Verizon DBIR Highlights
Why It Matters
The shift toward vulnerability‑driven breaches and AI‑enhanced attacks forces businesses to overhaul patching, training, and detection strategies, directly impacting risk exposure and financial loss.
Key Takeaways
- Vulnerability exploits now lead initial breach access, up 31%.
- Only 26% of critical flaws fully patched; median 43 days.
- Pretexting attacks surge, demanding stronger security awareness programs.
- Threat actors leverage AI tools, with Mythos set to accelerate.
- Ransomware remains common, but victim payouts and payments decline.
Summary
The 2026 Verizon Data Breach Investigations Report (DBIR) analyzes 31,000 incidents—including over 22,000 confirmed breaches—across 145 countries from November 2024 to October 2025. As the industry’s most comprehensive annual cyber‑threat barometer, it offers a data‑driven temperature check on evolving attack vectors, remediation practices, and financial impacts.
Key findings show vulnerability exploitation eclipsing credential abuse as the top initial‑access technique, accounting for 31% of incidents—more than double the prior year. Patch management remains a chronic weakness: only 26% of critical, known‑exploited vulnerabilities were fully remediated, with a median resolution time of 43 days, and 58% only partially addressed. Pretexting attacks are on the rise, pressuring organizations to refresh security‑awareness training, while threat actors increasingly embed AI tools into their workflows, a trend expected to accelerate with the upcoming Mythos platform.
Notable data points include ransomware involvement in 48% of breaches, yet 69% of victims chose not to pay, and the median ransom fell to $140,000—a 6.75% decline. The report also highlights that many organizations still rely on partial mitigations, such as compensating controls, rather than full patch closure, underscoring a fragmented defense posture.
The implications are clear: enterprises must accelerate vulnerability remediation cycles, adopt a holistic view that couples patching with credential hygiene, and invest in AI‑driven detection and response capabilities. Strengthening phishing and pretexting defenses through continuous training will be essential as social‑engineering tactics evolve, while ransomware strategies should focus on robust backup and incident‑response plans rather than ransom payments.