Initial Access Vector
Cybersecurity statistics about initial access vector
Showing 1-7 of 7 results
VPN and remote access systems account for roughly one-third of initial access vectors in healthcare cyberattacks.
Valid accounts with missing or lax multi-factor authentication (MFA) accounted for 43.9% of all incident response investigations by Rapid7 in 2025, making it the single most common initial access vector.
Phishing (including malspam, vishing, and malvertising) was the dominant intrusion vector, accounting for approx. 60% of cases..
Vulnerability exploitation accounted for 21.3% of initial access vectors.
Insider threats accounted for 0.8% of initial access vectors.
Botnet accounted for 9.9% of initial access vectors.
Malicious applications accounted for 8% of initial access vectors.