ctipilot.ch

Verizon 2026 DBIR — vulnerability exploitation overtakes credentials as primary breach vector first time in 19 years (31% vs 13%); only 26% KEV remediation (down from 38%); median patch time 43d (from 32d); supply-chain breaches +60% YoY now 48% of all breaches

annual-report · annual-report:verizon-2026-dbir-exploitation-overtakes-credentials

  • Coverage timeline: 1 (first 2026-05-21 → last 2026-05-21)
  • Briefs: 1 (1 distinct)
  • Sources cited: 4 (4 hosts)
  • Sections touched: 1 (deep_dive)
  • Co-occurring entities: 2 (see Related entities below)

Story timeline

  1. 2026-05-21 · CTI Daily Brief — 2026-05-21
    deep_dive: PD-9 dedicated deep-dive treatment. 22,052 incidents / 12,195 confirmed breaches (Nov 2024 - Oct 2025). Headline shift: vuln exploitation 31% vs credentials 13% (was ~20% vs leading). KEV remediation regression 26% from 38%; median patch 43d from 32d. Supply chain +60% YoY (now 48% of breaches); only 23% remediated MFA gaps in 3rd-party cloud accounts. Ransomware 48% (was 44%), 69% don't pay. Shadow AI 4x growth; AI bot traffic +21% MoM vs 0.3% human.

Where this entity is cited

  • deep_dive: 1

Source distribution

  • brighttalk.com: 1 (25%)
  • verizon.com: 1 (25%)
  • globenewswire.com: 1 (25%)
  • helpnetsecurity.com: 1 (25%)

Related entities

Items in briefs about Verizon 2026 DBIR — vulnerability exploitation overtakes credentials as primary breach vector first time in 19 years (31% vs 13%); only 26% KEV remediation (down from 38%); median patch time 43d (from 32d); supply-chain breaches +60% YoY now 48% of all breaches (2)

Verizon DBIR 2026 (19th edition) — publication confirmed; full PDF expected post-webinar 2026-05-19

From CTI Weekly Summary — 2026-W21 (Mon 18 – Sun 24, 2026) · published 2026-05-18

The 2026 Data Breach Investigations Report (incidents November 2024–October 2025) has been confirmed as published; a companion author webinar is scheduled for 2026-05-19 11:00 ET on BrightTalk, after which the full statistical breakdown is expected to be publicly accessible. The thematic conclusions anticipated from prior-year DBIR trajectories — credential-path attacks as the leading initial-access vector, edge-device zero-day exploitation acceleration, and third-party/supply-chain breach growth — map directly to this week's operational items: CVE-2026-0300, CVE-2026-20182, CVE-2026-42945, TeamPCP/Mini Shai-Hulud, and Grafana/CoinbaseCartel.

Specific statistics will be incorporated in next week's brief after the full PDF is verified post-webinar. The Verizon DBIR 2026 landing page confirms publication and the 2026-05-19 webinar date. [SINGLE-SOURCE for specific statistics pending full-PDF release.]

Verizon DBIR 2026 (19th annual edition)

From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17

Verizon's 19th DBIR is publicly accessible on the Verizon DBIR page; the full PDF release is bound to the 2026-05-19 webinar. Headline figures confirmed on the published page: third-party involvement in breaches doubled year-on-year to 30% (from ~15% in the 2025 edition); ransomware present in 44% of breaches; stolen credentials remain the single most common initial-access vector at 22%; vulnerability exploitation at 20% nearly ties credential theft; the human element (social engineering, phishing, error) remains implicated in 60%+ of breaches (Verizon DBIR page).

The defender synthesis for Swiss / EU public-sector consumers: the third-party-doubling finding is the headline data point of the year for DORA / NIS2 third-party-risk management programmes — the empirical jump from ~15% to 30% supply-chain involvement directly informs DORA Chapter V (ICT third-party risk management) and NIS2 Article 21(2)(d) supply-chain security obligations. Combined with the IGJ-NMDL ruling (see § 5) and the EU CRA Article 14 reporting milestone landing on 2026-09-11 (see § 8), the operational picture for 2026 is unambiguous: supply-chain and third-party scrutiny moves from policy talking-point to enforced obligation in the second half of the year. Update planned post-2026-05-19 webinar PDF release for the full breakdown.