The Financial Services industry was the most breached industry in 2025 | Official Website of Louis Velazquez, entrepreneur, finance guy and tech innovator

Broadcast Retirement Network’s Jeffrey Snyder discusses the increase in cybercrimes in 2025 with Identity Theft Resource Center’s Eva Velasquez.

Jeffrey Snyder, Broadcast Retirement Network

Eva, it’s so great to see you again. Thanks for joining us this morning.

Eva Velasquez, Identity Theft Resource Center

Oh, I’m happy to be here. I’m not happy with the results of this report because it’s mostly bad news, but I’m happy to talk about it and see if we can educate some folks.

Jeffrey Snyder, Broadcast Retirement Network

Yeah, absolutely. And this is, I think, one of the more comprehensive reports that I have read. I’m not an expert like you, but cybersecurity seems to be top of mind.

So does privacy, Eva. When you look at 2025’s report versus 2024, a year, does 12 months make a big difference?

Eva Velasquez, Identity Theft Resource Center

Oh, the speed at which we’re moving right now, 12 months, it’s eons, really. I mean, look at how quickly things like AI progressed and using those tools and all of the different cyber attacks. So yes, it absolutely made a difference, but some things are staying the same, and that’s the growth in the number of breaches.

We had another record year, unfortunately, and this is the third year in a row that we’ve had over 3,000 publicly reported data breaches in the U.S. That’s an unfortunate landmark and trend.

Jeffrey Snyder, Broadcast Retirement Network

Yeah. I mean, you really can’t read the popular press and not hear about something. I mean, I’ve read Nike, some of these big brands that you would think have great security, they have big infrastructures, but they’ve been under threat.

And an area that seems to be consistently under threat, Eva, financial services, banks, financial institutions, like investment management firms, wealth advisors, they’re under assault.

Eva Velasquez, Identity Theft Resource Center

Well, that’s where the money is. We have to think about these breaches and this data as the fuel for scams, fraud, and identity crimes. So it’s the fire, it’s the fuel.

And of course, financial services has always, unfortunately, been a target. And they’ve over the years flip-flopped with healthcare. Sometimes government is in the mix, but it really is about this confluence of factors.

Where is it going to be most lucrative for the bad guys? Where are the vulnerabilities at any particular time? And really just what’s going on in the whole ecosystem and the landscape, that’s going to make a big difference.

You said something about these large organizations that you make assumptions that they have a very sophisticated cybersecurity. Look, there certainly are going to be breaches and cyber attacks that go after companies with less than stellar security. That happens.

And there is negligence sometimes in these areas. But I also think we have to remember that the bad guys only have to be right once. These companies, these organizations that are putting a lot of effort into their cybersecurity practices and defeating the bad actors, they have to be right 100% of the time.

So while I don’t want to be an apologist for breaches, I also want people to understand that good companies with good practices can still unfortunately become victims of a cyber attack or a breach.

Jeffrey Snyder, Broadcast Retirement Network

Point well made there. In terms of the tactics, are the tactics kind of the same where you have like phishing attacks, you have employees stealing data, you have handing off data? Have the tactics changed?

And are we just desensitized to it in terms of being exposed?

Eva Velasquez, Identity Theft Resource Center

Well, there are so many different pathways to those vulnerabilities. And we look at things like, you know, is it truly a cyber attack using some technological know-how to exploit a vulnerability? Is it system errors or human error?

And we’re actually seeing that go down a little bit this year, not enough, but it is going down. So things like training, training your employees and helping them to understand what role they play, that can have a big impact. And then physical attacks are actually going up a little bit.

But by far the vast number of them, these are actual cyber attacks where they’re exploiting either systems or people. I mean, if you think about the state of phishing, why would a hacker want to use all of that time and energy and bandwidth to exploit a system when they don’t have to hack and they can just log in because they can get your credentials. But that can also happen through those cyber attacks.

So there’s just a lot of different pathways.

Jeffrey Snyder, Broadcast Retirement Network

You mentioned how things are speeding up or have sped up. I mean, that’s certainly unfortunate for a lot of reasons. One of the things that is often talked about at least over the last 12 to 18 months is artificial intelligence.

We see it everywhere. Production. We see it in production and manufacturing and healthcare.

Our adversaries, these individuals that are doing the hacking, doing the threats, they’re using artificial intelligence, I would imagine as well, to probe for vulnerabilities.

Eva Velasquez, Identity Theft Resource Center

Well, this wouldn’t be a discussion of cyber security if we weren’t going to talk about AI, right? I mean, it’s on everybody’s minds and it should be. Because to your point, yes, it’s this very strange cycle.

The bad guys are absolutely using AI to be able to scale, to be able to do these things much more quickly, to take out some of the, we’ll call it, grunt work. I mean, AI can write malicious code. And there are specialty AI programs developed by the bad guys that they’re selling to other bad guys to help scale their fraudulent operations.

So they are absolutely leveraging this as a tool. Now, the good guys are too, and we need to continue to do that. But that’s sort of this conundrum that I think a lot of people are experiencing is, I have to use this tool that is exploiting vulnerabilities, making it easier to perpetrate these crimes, making the bad guys more sophisticated and able to just respond and hammer us much more quickly.

Well, I have to use that same tool to be able to respond. And we do need to embrace that.

Jeffrey Snyder, Broadcast Retirement Network

So, you know, we can’t cover everything in the report. I mean, it’s so voluminous. I would encourage people who are watching, listening to certainly go to your website, which you can certainly find on any of our postings, to look at the comprehensive data.

But what do you say to a chief technology officer, a chief information officer, someone who’s looking to protect, whether they’re small, large, what’s the takeaway here? I mean, you know, you’ve got to be right 100% of the time. Is that really a reality?

Can that be a reality? What do you take away from this report?

Eva Velasquez, Identity Theft Resource Center

Well, what I would rather than giving them technical specifications and do A, B and C, I would just like to remind the people in charge of these processes that there is a human behind each of these events. And I think it’s very easy when you’re in this space to look at data and incident rates and occurrences and forget that human impact. So just remember that as challenging as your jobs are and your role is, the why behind it is really to stop human suffering.

People are being impacted by not just the breach itself, but all of the secondary impacts, the crimes that are then committed with that data. That has a real impact on people. So I would encourage all the folks that are in this space that are tasked with protecting those people, just to sit back and remember your why to give you the energy, because it can be really depleting.

It can be very disheartening when you are trying to do everything right and maybe something does go wrong or goes awry. And I would also encourage those folks that transparency matters. We’ve seen that over a number of years, and this year was no different.

The level of transparency in these notices continues to go down. And I understand there’s a lot of conversations around liability and just not wanting to create more liability for the company. But people and other similarly situated businesses can’t react because they don’t have that information, including things like the root cause of the cyber attack.

While that may be either embarrassing or again, creates a liability and you have to talk to your attorneys, that informs the field. It makes everybody better. So we’re definitely going in the wrong direction when we talk about the level of transparencies in these notices.

And I would like to encourage the people making those decisions to think long and hard about their why and do what they can to be more transparent and give us more information about what happened. You’re not only informing the impacted individuals in the breach, you’re informing the field, the greater ecosystem. And that’s going to be key if we’re going to start bringing these numbers down.

Jeffrey Snyder, Broadcast Retirement Network

Very well said, Eva. Very comprehensive report. Thank you so much for joining us.

Great work as always. And people can always certainly visit your website to get some tips, tricks, things to protect themselves. We look forward to having you back again very soon.

Eva Velasquez, Identity Theft Resource Center

Thanks for having me. It was a pleasure being here.