The newly released Microsoft Digital Defense Report 2025 reveals new data on global cyber threats. According to the report, more than half of all cyberattacks with known motives, 52%, are driven by extortion and ransomware.
In contrast, espionage accounts for only 4%, a shift toward financially motivated cybercrime rather than state-sponsored operations. Published on October 22, 2025, the report stresses that today’s attackers are largely opportunistic about criminals seeking monetary gain rather than geopolitical advantage.
The findings show that in 80% of incidents, attackers aimed primarily to steal data. This trend highlights the universality of the threat, as organizations across every industry face mounting pressure to protect sensitive information against both small-scale criminals and organized syndicates.
Digital Defense Report 2025: Data Behind the Threat
Microsoft’s digital infrastructure gives it a unique vantage point on global cybercrime trends. Each day, the company processes over 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyzes 38 million identity-risk detections, and scans 5 billion emails for phishing and malicious content.
Automation and widely available hacking tools have enabled attackers to scale operations faster than ever. The report warns that artificial intelligence (AI) is now accelerating this process, making phishing lures, fake websites, and social-engineering content more convincing and harder to detect.
A major takeaway from the Digital Defense Report is that cybersecurity can no longer be viewed as a purely technical issue. It must be treated as a strategic business priority. The report urges leaders to integrate security into every layer of digital transformation, arguing that modern defenses are essential for long-term resilience.
For individual users, Microsoft recommends the use of multi-factor authentication (MFA), especially phishing-resistant MFA, which can block over 99% of identity-based attacks, even when criminals have stolen valid credentials.
Regional Focus: Urgency in the Adriatic
Tomislav Vračić, NTO Europe South Multi-country Cluster at Microsoft, emphasized the growing urgency across Southeast Europe:
“Across the Adriatic region, the urgency to strengthen cybersecurity awareness and readiness has never been greater,” Vračić said. “As digital transformation accelerates in Croatia, Slovenia, Serbia, Albania, Bulgaria, and neighboring markets, both public and private sectors must act decisively to safeguard critical infrastructure and citizen trust. Proactive defense is a strategic imperative for securing our shared digital future.”
The report highlights that hospitals, schools, and local governments are frequent targets of ransomware and data-theft campaigns. These institutions often lack sufficient resources to recover quickly, which makes them appealing to targets.
The fallout is severe, ranging from delayed medical care to disrupted education and halted public services. Because operational continuity is so critical in these sectors, attackers often succeed in extorting quick payments.
Modernization Is Non-Negotiable
Outdated security systems are no longer enough. The Digital Defense Report stresses that modernization, strong public-private collaboration, and shared threat intelligence are key to countering today’s cybercrime landscape. Governments and industries must work together to reinforce defense infrastructure before the next major wave of ransomware and data-theft attacks.
While financially motivated actors dominate, nation-state attacks continue to pose serious risks. The report identifies:
- China, expanding its operations across industries and NGOs by exploiting vulnerable devices for covert access.
- Iran, targeting logistics companies in Europe and the Persian Gulf, is likely to disrupt trade.
- Russia, extending operations beyond Ukraine and focusing on small NATO countries ‘ businesses as potential entry points into larger networks.
- North Korea, combining espionage and profit motives, often uses overseas IT workers whose earnings are sent back to the regime.
