HomeIntelligenceBrief
BREACH BRIEF⚪ Informational ThreatIntel

FBI Releases 2025 Internet Crime Report Highlighting Surge in Ransomware, BEC, and Supply‑Chain Attacks

The FBI’s 2025 Internet Crime Report reveals a sharp increase in ransomware payouts, business‑email‑compromise incidents, and supply‑chain attacks across multiple sectors. For TPRM teams, these trends signal heightened exposure through vendors and underscore the need to reassess risk models.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 schneier.com
Severity
Informational
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
5 sector(s)
Actions
3 recommended
📰
Source
schneier.com

FBI Releases 2025 Internet Crime Report Showing Record Ransomware Losses and Supply‑Chain Attacks

What Happened — The FBI published its 2025 Internet Crime Report, providing the most recent statistical snapshot of cyber‑crime activity in the United States. The report documents a year‑over‑year rise in ransomware payments, business‑email‑compromise (BEC) incidents, and supply‑chain attacks, with total reported losses exceeding $10 billion.

Why It Matters for TPRM

  • Escalating ransomware and BEC volumes increase exposure for any organization that relies on third‑party services.
  • Supply‑chain compromises highlight the need for continuous monitoring of vendor security postures.
  • Industry‑wide loss figures can be used to calibrate risk‑scoring models and justify tighter contractual security clauses.

Who Is Affected — Financial services, healthcare, SaaS/technology providers, retail/e‑commerce, and government agencies are all cited as heavily impacted in the report.

Recommended Actions — Review and update third‑party risk assessments to reflect the heightened ransomware and supply‑chain threat landscape; validate that vendors maintain robust incident‑response and email‑security controls; incorporate the report’s loss metrics into quantitative risk‑scoring frameworks.

Technical Notes — The report aggregates data from the FBI’s Internet Crime Complaint Center (IC3) and does not disclose specific CVEs or attack vectors. It emphasizes trends such as phishing‑based credential theft, exploitation of known vulnerabilities, and malicious use of cloud‑based services. Source: Schneier on Security – FBI’s 2025 Internet Crime Report

📰 Original Source
https://www.schneier.com/blog/archives/2026/05/fbis-2025-internet-crime-report.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →