
Cybercriminals Target Physical Security Systems, Warns Report


Vulnerabilities in perimeter devices, third-party contractor systems and credential management platforms are emerging as key entry points for cybercriminals, signalling a shift that places physical security infrastructure squarely in the crosshairs of digital threat actors. That’s the warning from Verizon Business in its newly released 2025 Data Breach Investigations Report (DBIR), a widely referenced annual benchmark in the cybersecurity sector.

Now in its 18th year, the DBIR reviewed over 22,000 security incidents and 8,900 confirmed data breaches across multiple industries. While traditionally aimed at IT and cybersecurity professionals, this year’s report issues a stark warning for physical security leaders and facility managers.

The study reports a 34 per cent rise in the exploitation of known vulnerabilities, with a significant proportion of these breaches linked to internet-facing perimeter systems and VPN appliances—technologies that increasingly form the backbone of modern access control, video surveillance and building management platforms.

“These systems were once considered the exclusive concern of the IT department,” said Dave Hylender, co-author of the DBIR. “But in today’s threat landscape, cybercriminals are actively probing the digital doorways into physical infrastructure.”

This growing convergence between cyber and physical threats also dominated discussions at ISC West 2025, where Rachel Wilson—former head of cybersecurity at the US National Security Agency and now an executive at Morgan Stanley—delivered a keynote underscoring the expanded risk landscape. Drawing on her experience in international cyber operations, Wilson said cybercriminals have evolved their tactics.

“The attackers have pivoted. They’re going after companies’ weakest digital links—including those tied to physical operations,” Wilson said. “Security must now be enterprise-wide, not siloed.”

The DBIR notes that many successful intrusions stemmed from weak patch management, lax vendor oversight and poor network segmentation—all of which allow cybercriminals to pivot from digital systems into physical operations. Particularly troubling is the rise in third-party contractor breaches, which often serve as indirect pathways into more secure environments.

For those in charge of physical security, the message is clear: traditional safeguards such as guards, locks and CCTV systems are no longer adequate without being reinforced by strong cybersecurity frameworks. The report urges organisations to reevaluate vendor risk management, secure perimeter systems and strengthen collaboration between physical security teams and IT departments.

As the line between digital and physical security continues to blur, the consequences of inaction may extend far beyond data breaches—jeopardising the safety of people, the integrity of facilities and the resilience of critical infrastructure.
