The Verizon DBIR: A Year-by-Year Research Hub
The Keepnet hub for every year's Verizon DBIR analysis. Covers what the DBIR is, how it is built, year-by-year archive links, Keepnet's contributor relationship, and how to read the report effectively.
Ozan Ucar, Founder and CEO, Keepnet
Published: 2026-05-19
'%3e%3cpath%20d='M4%204L15.733%2020H20L8.267%204H4Z'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2020L10.768%2013.232M13.228%2010.772L20%204'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_8149_16006'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Key Takeaways
- The Verizon Data Breach Investigations Report (DBIR) is the most widely cited primary source publication in cybersecurity, published annually by Verizon Business since 2008.
- The 2026 edition is the 19th and largest, analysing 31,000+ incidents and 22,000+ confirmed breaches across 145 countries (source: Verizon 2026 DBIR, p. 5).
- The report's findings are built from data shared by approximately 100 contributing organisations each year, ranging from incident response firms to law enforcement and security vendors.
- Keepnet contributed voice and SMS phishing simulation data to the 2026 Verizon DBIR, helping inform the report's expanded coverage of mobile centric social engineering.
- This page is the Keepnet hub for every year's DBIR analysis. Use the archive links below to read year specific deep dives.
What is the Verizon DBIR?
The Verizon Data Breach Investigations Report, usually shortened to DBIR, is an annual cybersecurity publication produced by the Verizon Business team. First published in 2008, currently in its 19th edition (released May 2026).
What makes it different from most other industry reports: it aggregates real incident data from a global community of contributors rather than relying on a single firm's caseload, and it presents findings in a statistically rigorous format with confidence intervals on the charts. Other reports lean on surveys. The DBIR leans on actual incident data, mapped through the VERIS framework.
For most security and risk leaders, the DBIR is the single most cited reference in budget conversations, board updates, and analyst briefings. When a CISO says "according to the latest DBIR", everyone in the room knows what that means.
Why it matters in 2026
The 2026 edition analyses 31,000+ security incidents and 22,000+ confirmed breaches across 145 countries (source: Verizon 2026 DBIR, p. 5). It's the largest dataset the DBIR has ever published. Roughly 100 organisations contributed data this year, including incident response firms, law enforcement agencies, cyber insurance carriers, threat intelligence providers, and security vendors. The contributing organisations list appears on pages 117 and 118.
The DBIR also doesn't hide uncertainty. Most cybersecurity statistics get reported with no measurement of confidence. The DBIR uses slanted bar charts and dot plots that show explicitly how much room for error sits in each finding. That kind of honesty is part of why the report is widely respected by analysts, journalists, and operational practitioners.
How the DBIR is built
Each annual cycle covers a 12-month incident window from November to October. The 2026 edition analyses incidents that occurred between 1 November 2024 and 31 October 2025 (source: Verizon 2026 DBIR, p. 9). The team then spends roughly six months acquiring, anonymising, analysing, and writing. Publication is typically in May.
The structure splits across Results and Analysis (the big picture), Incident Classification Patterns (recurring archetypes like System Intrusion or Social Engineering), Deep dive analysis (a couple of long form themes specific to the year), Industries (sector breakdowns), Regions, a Wrap up, and Appendices. First time readers should start with "How to use this report" on pages 6-8 of the 2026 edition.
Year by year archive
We maintain analysis pages for each year's DBIR. These are intended as practical companions to the official Verizon publication, not replacements for it. The full official report is always available at verizon.com/dbir.
2026 Verizon DBIR (current edition)
The 19th edition. Largest dataset to date. First time voice and SMS phishing simulation data is measured at scale, showing a 40 percent higher click rate than email phishing (source: Verizon 2026 DBIR, p. 50). Exploitation of vulnerabilities became the leading initial access vector at 31 percent (source: Verizon 2026 DBIR, p. 10). Ransomware appeared in 48 percent of breaches (source: Verizon 2026 DBIR, p. 11).
2025 Verizon DBIR
The 18th edition. Notable for the surge in third party involvement in breaches and the rise of exploitation of vulnerabilities as a primary attack vector. Credentials remained a dominant theme.
2024 Voice Phishing Response Report
Not a DBIR publication but a related Keepnet research piece. The first industry dedicated voice phishing benchmark report from a vendor. The 2024 work informed our subsequent data contribution to the 2026 DBIR.
Read our 2024 Voice Phishing Response Report →
Keepnet's relationship with the DBIR
Keepnet contributed voice and SMS phishing simulation data to the 2026 Verizon DBIR, helping inform the report's expanded coverage of mobile centric social engineering. Our name appears in the contributing organisations list on page 118.
The DBIR notes on page 50 that voice and SMS simulation data has historically been limited in the industry, with the team writing that they "struggled to find companies doing simulations of voice- and text message based campaigns" and hoping the 2027 dataset can be bigger. Keepnet is among this year's contributors in that category.
The data we shared was anonymised, customer consented, and aggregated at the campaign level. No individual user data or customer identifying information left our platform. We expect to participate again in 2027 with a substantially larger dataset.
One thing to watch in 2027
The voice and SMS phishing dataset is set to grow. The DBIR team has explicitly stated that intent (source: Verizon 2026 DBIR, p. 50). More vendors are likely to contribute and the picture of mobile centric social engineering should sharpen considerably. Worth checking back in May 2027 to see whether the 40 percent gap holds.
How to read a DBIR effectively
Most readers don't have time to read a 121-page report cover to cover. Here's how to get the most out of each edition without burning a weekend.
Start with the Key Topics and Findings section. Usually pages 10-13. Five or six headline findings summarised with the supporting chart and source attribution.
Then read the Industry section that matches your vertical. The DBIR organises sector findings into compact, comparable formats. The differences across sectors are usually larger than the global averages suggest, so the sector chapter often matters more than the headline numbers.
Read the Region section that matches your geography. North America, EMEA, APAC, and LAC each carry distinct threat model differences. The 2026 edition's EMEA chapter, for example, shows Phishing appearing in 84 percent of social related breaches in the region against 69 percent globally (source: Verizon 2026 DBIR, p. 103).
If a finding surprises you, the methodology appendix is where to go. The DBIR team is transparent about contributor mix, dataset shape, and where biases may exist. Page 111 in the 2026 edition. Short, worth the read.
One last thing on quoting. Verizon's policy permits citing statistics and figures, provided the source is named as "Verizon 2026 Data Breach Investigations Report" and the content isn't modified. Exact quotes are fine. Paraphrasing the findings requires the DBIR team's review. And when you share the report with colleagues, link them to verizon.com/dbir rather than hosting the PDF yourself.
About the author
Ozan Ucar is the Co founder and CEO of Keepnet. He has spent more than 15 years in security operations, awareness programme design, and human risk research.
SHARE ON