According to the global report by Kaspersky Security Services, Anatomy of a Cyber World, the government sector has emerged as the most targeted sector for the second consecutive year, accounting for 19% of all high-severity incidents in 2025. The industrial sector closely followed at 17%, while the IT sector rose to third place with 15%, displacing finance from the top three targeted industries.
The Anatomy of a Cyber World is a comprehensive global report drawing on incident statistics from Kaspersky Managed Detection and Response, Kaspersky Incident Response, Kaspersky Compromise Assessment and Kaspersky SOC Consulting. This report sheds light on the most prevalent attacker tactics, techniques and tools, as well as the characteristics of detected incidents and their distribution across regions and industry sectors.
Building on these findings, the report reveals that government bodies continued to be the most targeted sector in 2025. A deeper examination of the root causes of attacks within this sector uncovers that Advanced Persistent Threats (APTs) were the most common, accounting for 33,3% of incidents. This trend highlights the increasing sophistication of adversaries who persistently evolve their tactics to bypass automated protection. Additionally, 18,9% of government organisations experienced social engineering attacks, underscoring that employees remain a critical entry point for cyberthreats.
This dual vulnerability, from both advanced persistent attackers and social engineering campaigns, underscores the need to strengthen not only technology, but also organisational resilience. Implementing measures such as role-based access control and limiting privileges can significantly reduce the impact of compromised accounts, particularly in large, distributed government environments.
A broad range of adversaries
The industrial sector presents a different, but equally concerning profile. Threats in industrial environments are distributed with striking uniformity: APT-driven incidents constitute 17,8%, malware 14,9% and social engineering 13,9%. This pattern suggests that industrial organisations attract a broad range of adversaries with different capabilities and objectives, rather than being primarily targeted by a single type of threat actor.
Notably, confirmed cyber exercises, such as red teaming, account for 22,8% of incidents in the sector, the highest share among the top three industries, reflecting growing investment in proactive security validation among industrial organisations.
In contrast, the IT sector shows a markedly different pattern. With 41% of incidents attributed to human-driven APT attacks, the highest rate across all sectors, IT organisations are clearly a priority target for sophisticated threat actors seeking to exploit trusted relationships and scale their impact through supply chains.
APT traces, which are artefacts from previous advanced persistent threat activity, were identified in an additional 17% of cases, while social engineering accounted for 11%. In contrast, red teaming represents only 9% of IT incidents, suggesting that proactive security testing remains underutilised relative to the sector’s actual threat exposure.
“Government, industrial and IT organisations consistently attract sophisticated adversaries because of the strategic value of what they hold, operate and connect to geopolitical intelligence, critical infrastructure and global supply chains respectively. The 2025 data confirms that these attacks are not opportunistic: they are targeted and often aimed at establishing persistent access.
“Each of these sectors needs to operate on the assumption that determined attackers will find a way in, and focus their defences on early detection, rapid containment and minimising the window of exposure. So, proactive threat hunting, continuous monitoring and regular compromise assessments are no longer optional for organisations of any size across these industries,” comments Sergey Soldatov, head of security operations at Kaspersky.
To learn more about attacker tactics and techniques, the characteristics of detected incidents and their distribution across regions and industry sectors, read the full report at https://tinyurl.com/2he7en2z.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version