A recent report on financial services crimes states that 65% of these occurrences involve a human element.
The report published by Verizon says that “phishing victims, errors, and social engineering remain persistent attack surfaces despite security investments.”
Internal data is compromised in 53% of financial account breaches, personal data in 43%, and credentials in 26%. About 37% of organizations do not use multifactor authentication for administrative accounts.
Ransomware was involved in 48% of these acts. The median amount of ransom paid is on a downward trend, but still significant at $139,875 versus $150,000 in the previous year.
The 2026 Data Breach Investigations Report (DBIR) reviewed over 31,000 security incidents across more than 145 countries.
Corporate vulnerabilities appear to be rife: it takes 43 days to fix a critical vulnerability, while criminals exploit these opportunities in just 5 days.
The report claims that just 26% of critical vulnerabilities were fully remediated by organizations in 2025, a drop from tyear prior at 38%.
Unfortunately, artificial intelligence (AI) is not just being used by the good guys but the crooks as well. And it is not just for creating malware but for managing an attack.
Phishing, where a poisoned text or voice mail is delivered, drives clicks at a 40% higher rate. Pretexting is becoming more common for ransom and extortion. Seemingly benign texts are used to build a relationship or a con to dupe the unsuspecting.
“Foundation principles of security and strong risk management remain the most effective defense,” says Daniel Lawson, SVP Global Solutions, Verizon Business.”
For individuals, use strong passwords, incorporate MFA, never click on anything, and ignore all calls unless you are certain you know who is calling. The cybersphere is dicey and AI is making it more so — not less.