“They Didn’t Think It Could Happen to Them—Until It Did.”
What PR & Marketing Firms Need to Know from the 2025 DBIR
By Erick Grau | CEO, Chibitek
Imagine this: You’re preparing a major launch for a Fortune 500 client. The pitch deck is perfect, the press release is scheduled, the influencers are in the loop. Then—bam!—your systems are locked down, your accounts hijacked, your digital trust shattered. Not by chance. Not by chaos. But by someone who saw your industry as the low-hanging fruit.
This isn’t a nightmare. It’s a Tuesday in the world of cybersecurity—and it’s exactly what the 2025 Verizon Data Breach Investigations Report (DBIR) just warned us about.
Here’s what the DBIR wants you—yes, the creative, the strategic, the brand builder—to know:
1. Your People Are the Perimeter Now
PR and marketing firms often operate in a high-trust, fast-response environment. That’s great for clients—but gold for attackers. In 2025, over 68% of breaches involved a human element, with phishing and credential theft continuing to dominate. That friendly intern clicking a rogue LinkedIn message? That executive who reuses a password across platforms? They’re the front lines.
Action for leaders: It’s time to adopt real-time, identity-first security. MFA isn’t optional—it’s survival.
2. Creativity Has a Cost: Exposure
You use dozens of platforms—social media schedulers, file shares, video editors, analytics tools. Each one adds flexibility… and risk. The DBIR flagged cloud misconfigurations and third-party SaaS vulnerabilities as a growing attack vector, especially in industries with decentralized tech stacks.
PR-specific risk? That shared Dropbox with client assets. That Canva login with no password rotation. That “temporary” account never decommissioned.
Action for teams: Conduct a SaaS security audit. Lock down access. Partner with an MSP (like Chibitek) that gets your pace and your platforms.
3. Small Firms, Big Targets
Here’s the gut punch: Small businesses made up over 60% of the confirmed victims. Why? Because they “assume obscurity is safety.” But in marketing, your data is your power: client campaigns, unreleased product info, earnings statements. That’s catnip for threat actors.
Action for owners: Stop thinking you’re too small to matter. Start budgeting for cybersecurity like it’s insurance—for your business and your brand.
4. Ransomware Still Reigns
Yes, ransomware is still the kingpin. The DBIR showed steady persistence of ransomware across all sectors, but particularly devastating in industries with fast-moving deadlines—like PR. Imagine losing a launch window because your files are encrypted.
Action for ops: Ensure you’ve got verified backups, disaster recovery plans, and 24/7 monitoring. Recovery time = brand reputation.
5. Speed Kills—If You’re Unprepared
Most breaches take minutes to execute but months to detect. That delay can be fatal in PR, where timing is everything.
Action for executives: Invest in monitoring, endpoint detection, and response. Consider AI-based threat intel that sees patterns before your team can.
What’s the Story You Want to Tell?
When the breach happens—because odds are, it will—will your story be one of recovery, resilience, and readiness?
Or one of regret?
The 2025 DBIR isn’t just a technical report—it’s a wake-up call to the creative class. You’ve built brands, built buzz, built trust. Now, build your digital armor.
Because the next campaign you save… might be your own.
Want to ensure your business stays secure in an evolving digital landscape? Start with a FREE Network Assessment to identify vulnerabilities and safeguard your data against cyberthreats.
Click here to schedule your FREE Network Assessment today!
We Make IT Effortless, So You Can Disrupt, Create, and Grow
