Exploits continue to be the most common initial infection vector (33%).

Stolen credentials are the second highest initial infection vector, making up 16% of investigations. This rise means stolen credentials were the second most common initial infection vector for the first time in 2024.