Verizon DBIR 2025: 88% of SMB breaches involved ransomware vs 39% of enterprise; median ransom $115k

Claims (Verizon 2025 Data Breach Investigations Report, April 2025):

  • 88% of SMB breaches contained a ransomware component vs 39% of enterprise breaches
  • Median ransom payment: US$115,000
  • "Third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%"
  • 22,052 security incidents documented; 12,195 confirmed breaches — the highest count on record

Source: https://www.verizon.com/about/news/2025-data-breach-investigations-report (secondary coverage: Keepnet, ShieldNet, Versa).

Confidence: Verified.

Implication for Candid SMB clients: Small businesses bear a structurally higher share of the worst breach class. A WordPress site without active patching discipline is not "lower-risk because we're small" — it's higher-risk because the attack economics target the under-maintained tail. The $115k median ransom is the real reference number for "what does an abandoned site eventually cost?"