Kaspersky has released its global cybersecurity report for 2025, revealing that the government sector remained the most targeted industry for the second consecutive year, accounting for 19% of all high-severity incidents. The findings, drawn from Kaspersky’s managed detection, incident response, and SOC consulting services, paint a sobering picture of an increasingly hostile threat landscape for public and critical infrastructure organisations.

Government and industrial sectors under persistent fire

Advanced Persistent Threats (APTs) were the most common attack type targeting government organisations in 2025, responsible for 33.3% of incidents. Social engineering attacks accounted for 18.9% of government incidents, underscoring that employees remain a critical vulnerability even as technical defences improve.

The industrial sector followed closely at 17% of high-severity incidents. Unlike the government sector, industrial organisations attracted a broad mix of adversaries — APT-driven incidents accounted for 17.8%, malware for 14.9%, and social engineering for 13.9%. Confirmed cyber exercises such as red teaming made up 22.8% of incidents in the sector, the highest share among the top three industries, reflecting growing investment in proactive security validation.

IT sector displaces finance in top three

A notable shift in the 2025 data is the rise of the IT sector to third place, accounting for 15% of all high-severity incidents and displacing the finance sector. IT organisations recorded the highest rate of human-driven APT attacks across all sectors at 41%, with threat actors seeking to exploit trusted supply chain relationships and scale their reach. APT traces were identified in an additional 17% of IT sector cases.

The finance sector’s drop from the top three reflects a different story: red teaming accounted for 36.1% of incidents in the sector — the highest share of any industry — while confirmed APT activity remained comparatively low at 11.5%. Kaspersky attributed this to sustained investment in proactive security assessments reducing actual breach risk.

Organisations urged to assume breach, focus on detection

“Government, industrial and IT organisations consistently attract sophisticated adversaries because of the strategic value of what they hold, operate and connect to — geopolitical intelligence, critical infrastructure and global supply chains respectively. The 2025 data confirms that these attacks are not opportunistic: they are targeted and often aimed at establishing persistent access.” — Sergey Soldatov, Head of Security Operations, Kaspersky

Kaspersky recommends that organisations augment existing security controls with human-led detection through managed detection and response services, align internal processes with the evolving threat landscape via SOC consulting, and deploy centralised extended detection and response (XDR) solutions to aggregate and correlate threat data across assets.

The full report, titled Anatomy of a Cyber World, is available on the Kaspersky website.