TrendAI

Andrea Gillhuber,

Germany Among the Top Three Countries for Ransomware

In 2025, Germany was among the three countries with the highest number of confirmed ransomware attacks. This is according to TrendAI’s 2026 Cyber Risk Report. At the same time, the report shows that the overall cyber risk faced by companies has decreased slightly on average.

© armo/stock.adobe.com

TrendAI, Trend Micro’s enterprise cybersecurity division, has published its 2026 Cyber Risk Report. According to the report, the average Cyber Risk Index (CRI) fell to 35.8 points in 2025, down from 38.5 points the previous year. This means that the companies surveyed continue to fall within the medium-risk range.

More Ransomware Despite a Declining Cyber Risk

By contrast, the number of successful ransomware attacks rose significantly. According to an analysis of cybercriminals’ leak sites, 5,096 companies worldwide fell victim to the ten most active ransomware groups. This represents a 236 percent increase over the previous year.

With 433 confirmed ransomware attacks, Germany ranked third among the hardest-hit countries in 2025, behind the United States (4,893) and Canada (520).

Activity by the Qilin ransomware group increased particularly sharply. It recorded 1,262 confirmed attacks, representing a 1,270 percent increase compared to 2024. Akira followed in second place with 857 cases (+708 percent). At the same time, five new groups entered the top ten, including INC Ransom, SafePay, Lynx, DragonForce, and Sinobi.

Advertisement

New Data on Attack Vectors

For the first time, the report includes analyses of the “Attack Path Prediction” feature of the TrendAI Vision One platform. According to the report, unpatched vulnerabilities—with more than 2.3 million detected attack paths—are the most common starting point for successful attacks.

Password-spraying and password-guessing attacks on inadequately protected user accounts account for a combined total of more than two million detected attack paths. The attackers primarily target user accounts, which were targeted an average of about 33,000 times per day—significantly more frequently than end devices.

Cloud Access and Accounts Remain Vulnerabilities

The most common risk events continue to include risky access to cloud applications, outdated Microsoft Entra ID accounts, and disabled multi-factor authentication. A new addition to the top five risks is violations of zero-trust access rules.

In a sector-by-sector comparison, the mining industry has the highest risk level, with a CRI of 42.5. It is followed by healthcare and agriculture (both 40.3), telecommunications (39.9), education (39.8), and government agencies and public institutions (39.7).

Small businesses with up to 100 employees also came into sharper focus. They were the only company size category whose Cyber Risk Index rose year-over-year.

Recommendations for Businesses

Among other things, TrendAI recommends that companies regularly review their security configurations, consistently implement identity and access management, prioritize vulnerabilities based on risk, and analyze attack vectors rather than individual risks. In addition, existing security platforms should be fully leveraged through automated processes and continuous monitoring.

  • Xing Icon
  • LinkedIn Icon
Advertisement
Advertisement

You might also be interested in

Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

B&R

CRA guide for Powerlink checked

TÜV Rheinland has audited the "CRA Guide for Powerlink" from B&R. The guide is one of the first independently audited technical documentations for the implementation of the EU Cyber Resilience Act in automation.

read more...
Subscribe to our newsletter
Advertisement
Back to home