2025 will be remembered as the year cyber threats reached a breaking point. With nearly 6,000 ransomware incidents, more than 6,000 data breaches, and over 3,000 sales of compromised corporate access, enterprises across the globe faced one of the most dangerous digital landscapes on record. Manufacturing plants halted production, government agencies struggled to contain leaks, and critical infrastructure endured direct hits. The Cyble Global Cybersecurity Report 2025 highlights that ransomware attacks surged 50% year-over-year.
The report also stated that data breaches climbed to their second-highest level ever and that the underground market for stolen access flourished.
Together, these figures reveal not just isolated events, but a systemic escalation of cybercrime that is reshaping the way organizations must defend themselves.
Cyble Global Cybersecurity Report 2025: A Year of Escalation
The Cyble Global Cybersecurity Report 2025 documented 5,967 ransomware attacks, representing a 50% increase year-over-year. Alongside this, 6,046 data breaches and leaks were recorded, the second-highest level ever observed.
The underground market for compromised initial access also thrived, with 3,013 sales fueling the global cybercrime economy.
Daksh Nakra, Senior Manager of Research and Intelligence at Cyble, described 2025 as a “major power shift in the threat landscape,” noting that new ransomware groups quickly filled the void left by law enforcement crackdowns. The combination of supply chain attacks and rapid weaponization of zero-day vulnerabilities created what he called “a perfect storm” for enterprises worldwide.
Ransomware Landscape Transformed
Two groups stood out in 2025. Akira ransomware emerged as the second-most prolific group behind Qilin, launching sustained campaigns across Construction, Manufacturing, and Professional Services. Its opportunistic targeting model allowed it to compromise nearly every major industry vertical.
Meanwhile, CL0P ransomware reaffirmed its reputation as a zero-day specialist. In February 2025, CL0P executed a mass campaign exploiting enterprise file transfer software, posting hundreds of victims in a single wave. Consumer Goods, Transportation & Logistics, and IT sectors were among the hardest hit.
Key Ransomware Statistics
- 5,967 total ransomware attacks in 2025 (50% increase year-over-year)
- The manufacturing sector was the most targeted, suffering the highest operational disruption
- Construction, Professional Services, Healthcare, and IT were also among the top five targets
- The United States experienced the majority of attacks; Australia entered the top-five list for the first time
- 31 incidents directly impacted critical infrastructure
Data Breaches Near Record Levels
Government and law enforcement agencies were disproportionately affected, accounting for 998 incidents (16.5% of total breaches). The Banking, Financial Services, and Insurance (BFSI) sector followed with 634 incidents. Together, these two sectors represented more than a quarter of all breaches, highlighting attackers’ focus on sensitive citizen data and financial information.
The sale of compromised corporate access continued to fuel cybercrime. Cyble’s analysis revealed 3,013 access sales, with the Retail sector most heavily targeted at 594 incidents (nearly 20%). BFSI followed with 284 incidents, while Government agencies accounted for 175 incidents.
Vulnerabilities Drive Attack Surge
The Cyble Global Cybersecurity Report 2025 further highlighted that critical flaws in widely deployed enterprise technologies served as primary entry points. Among the most exploited were:
- CVE-2025-61882 (Oracle E-Business Suite RCE) – leveraged by CL0P
- CVE-2025-10035 (GoAnywhere MFT RCE) – exploited by Medusa
- Multiple vulnerabilities in Fortinet, Ivanti, and Cisco products with CVSS scores above 9.0
In total, 94 zero-day vulnerabilities were identified in 2025, with 25 scoring above 9.0. Over 86% of CISA’s Known Exploited Vulnerabilities catalog entries carried CVSS ratings of 7.0 or higher, with Microsoft, Fortinet, Apple, Cisco, and Oracle most frequently affected.
Geopolitical Hacktivism Surges
According to the Cyble Global Cybersecurity Report 2025, hacktivist activity reached an unprecedented scale, with over 40,000 data leaks and dump posts impacting 41,400 unique domains. Much of this activity was driven by geopolitical conflicts:
- The Israel-Iran conflict triggered operations by 74 hacktivist groups
- India-Pakistan tensions generated 1.5 million intrusion attempts
- North Korea’s IT worker fraud schemes infiltrated global companies
- DDoS attacks, website defacements, and breaches targeted governments and critical infrastructure
Industry-Specific Insights
- Manufacturing: Most attacked sector due to reliance on OT/ICS environments and low tolerance for downtime
- Construction: Heavily targeted by Akira; time-sensitive projects created maximum pressure points
- Professional Services: Law firms and consultancies compromised for sensitive client data and supply chain leverage
- Healthcare: Continued to face attacks from groups like BianLian, Abyss, and INC Ransom due to critical data availability needs
- IT & ITES: Service providers exploited to enable cascading supply chain attacks against downstream customers
Outlook
The numbers from the Cyble Global Cybersecurity Report 2025 point to a 50% rise in ransomware, thousands of breaches, and a booming underground economy for compromised access.
With critical infrastructure, government agencies, and high-value industries increasingly in the crosshairs, the Cyble Global Cybersecurity Report 2025 highlights the urgency for global enterprises to strengthen defenses against a rapidly evolving threat landscape.
