Authorities, industry and IT targeted by cyber criminals

Public authorities were also the most affected by cyberattacks in 2025; at 33 percent, advanced persistent threats (APTs) were the most common cause. This highlights the increasing sophistication of threat actors who are continually adapting their tactics to evade automated defenses. In addition, 19 percent were confronted with social engineering attacks, meaning that employees remain a critical gateway for cyberattacks.

This underlines the need to strengthen not only technical but also organizational cyber resilience. This includes measures such as role-based access controls and restricting permissions, which can significantly reduce the impact of compromised accounts - especially in large, decentralized government environments.

Industry invests in proactive safety validations

The industrial sector, on the other hand, shows a more even but equally worrying threat picture: APTs were responsible for 18 percent of incidents, malware for 15 percent and social engineering for 14 percent. This suggests that industrial organizations are attracting a wide range of attackers with different capabilities and targets, rather than being targeted primarily by one specific type of attacker. Strikingly, confirmed cyber exercises such as Red Teaming account for 23 percent of incidents, the highest proportion among the three most affected industries. This reflects growing investment in proactive security validation.

IT sector uses little proactive security testing

Compared to the government and industrial sectors, the IT sector shows a significantly different pattern. With the highest proportion of APTs of all the industries surveyed (41%), the IT sector is a prime target for sophisticated threat actors looking to exploit relationships of trust and scale their impact across supply chains. Additionally, APT traces - artifacts of previous APT activity - were found in 17 percent of cases. Incidents due to social engineering account for 11 percent. Only 9 percent of incidents in the IT sector involved red teaming. Proactive security tests therefore still appear to be underused in relation to the actual threat situation in the sector.

By contrast, the financial sector was significantly less affected than in previous years. This was no longer one of the three most affected sectors in 2025. Only twelve percent of incidents were attributable to APT activities. However, it is clear that the financial sector is increasingly concerned about security: 36% of incidents were related to red teaming. This demonstrates a mature, compliance-driven approach to proactive defense and sustained investment in security reviews. These can effectively strengthen organizations' ability to detect vulnerabilities early, avoid costly security incidents and reduce the risk of significant reputational and operational damage.

"Government agencies, industrial companies and IT organizations continue to attract highly skilled attackers due to the strategic value of the assets they manage, operate and network, such as geopolitical information, critical infrastructure and global supply chains," comments Sergey Soldatov, Head of Security Operations at Kaspersky. "The data for 2025 confirms that these attacks are targeted and often designed to gain persistent access. All industries must assume that determined attackers will find a way to gain access and focus their defenses on early detection, rapid containment and minimizing the attack window. Therefore, proactive threat hunting, continuous monitoring and regular security assessments are a must for organizations of all sizes in these industries.