Sophos Report Highlights Identity-Driven Breaches and Off-Hours Attacks

Sophos analyzed 661 incident response and managed detection and response cases between November 1, 2024, and October 31, 2025, covering organizations in 70 countries. The report found that intrusions frequently involve credential access and are executed outside standard business hours. Ransomware and data theft activities were observed to peak during these off-hours. Identity-related root causes accounted for a significant proportion of the breaches examined. The dataset focused on attacker access methods, speed of system compromise, and timing of malicious actions.