Microsoft Digital Defense Report 2025: Ransomware and Extortion Dominate Cyberattacks

Microsoft has released its latest Microsoft Digital Defense Report revealing that over 52% of cyberattacks with known motivations are driven by extortion and ransomware, while espionage accounts for just 4%. Today’s attackers are primarily opportunistic criminals seeking financial gain—not state-actors. In 80% of incidents, attackers aimed to steal data, underscoring the universal nature of this threat.

Cybercrime at Scale: The Numbers Behind the Threat

Microsoft processes over 100 trillion signals daily, blocks approximately 4.5 million new malware attempts, analyses 38 million identity risk detections, and scans 5 billion emails for malware and phishing threats. Automation and off-the-shelf cybercrime tools have enabled attackers to scale operations, while AI accelerates the creation of sophisticated, convincing attack content.

Cybersecurity Is a Boardroom Issue

The report sends a clear message: cybersecurity is a core strategic priority—not just an IT concern. Business leaders must integrate security into every aspect of digital transformation.

Regional Perspective: Urgency in the Adriatic

“Across the Adriatic region, the urgency to strengthen cybersecurity awareness and readiness has never been greater,” says Tomislav Vračić, NTO Europe South Multi-country cluster. “As digital transformation accelerates in Croatia, Slovenia, Serbia, Albania, Bulgaria, and neighbouring markets, both public and private sectors must act decisively to safeguard critical infrastructure and citizen trust. Proactive defence is a strategic imperative for securing our shared digital future.”

Critical Services Under Siege

Hospitals, schools, and local governments are increasingly targeted due to sensitive data and limited cybersecurity resources. Consequences include delayed medical care, disrupted education, and halted transportation. Ransomware actors exploit these vulnerabilities because such sectors often pay quickly to restore operations.

Modernization Is Non-Negotiable

The Microsoft Digital Defense Report also emphasizes that outdated security measures are no longer sufficient. Defense modernization and strong collaboration between industry and governments are essential. For individuals, using multi-factor authentication (MFA)—especially phishing-resistant MFA—can block over 99% of identity-based attacks.

Nation-State Threats Persist

While criminals are the most prevalent attackers, state actors continue to target key industries and regions, primarily for espionage and sometimes financial gain:

• China: Expanding attacks on various industries and NGOs, using vulnerable devices for covert access.
• Iran: Targeting logistics companies in Europe and the Persian Gulf, likely preparing to disrupt commercial traffic.
• Russia: Extending attacks beyond Ukraine, especially on small businesses in NATO countries, using them as entry points to larger organizations.
• North Korea: Focused on financial gain and espionage, including employing IT workers abroad who send earnings back to the regime.

AI Accelerates Threats

Both attackers and defenders are leveraging AI. Cybercriminals use AI to automate phishing and create synthetic content, while defenders use it to close detection gaps and protect users.

Cybersecurity: A Shared Responsibility

As threats grow more sophisticated, organizations must continuously update defenses and share intelligence. Governments must establish clear frameworks that impose credible consequences for malicious activity and foster transparency. Microsoft is committed to strengthening security through the Secure Future Initiative and global partnerships. As digital transformation accelerates—amplified by the rise of AI—cyber threats increasingly impact economic stability, public trust, and personal safety. Addressing these challenges requires not only innovation, but coordinated societal action.