Cyberattacks in 2025

Cybersecurity remains a strategic issue for all organizations, large and small, commercial or administrative, public or private.

The widespread adoption of generative AI, the normalization of remote working, and the interconnection of communication systems are increasing the risk of attacks and exposing all economic actors, as well as ordinary consumers, to ever more sophisticated cyber threats.

Cyberattacks: target sectors

According to the Data Breach Investigations Report, more than 22 000 cyber incidents, including 12 000 intrusions involving data theft, were recorded in 2025. Public administrations and private actors (companies and individuals) in 139 countries were among the victims.

During 2025, 425.7 million user accounts were subject to data leaks, equivalent to nearly one account hacked every second.

Data breaches are no longer isolated incidents but a real threat that has become an integral part of today's digital environment.

With 34% of global leaks, the United States is the country hardest hit by this type of risk, followed in descending order by France, India, Germany, and Russia.

The theft of personal information particularly targets the internet and telecommunications sectors. Finance, IT, electronics, healthcare, travel, and tourism are also among the targets cherished by hackers.

Average cost of a cyber incident in 2025

The average cost of a cyberattack is estimated at 4.44 million USD in 2025, down for the first time in five years, a decline resulting from the implementation of new AI-based security solutions. These solutions facilitate rapid response to incidents, thereby limiting their spread.

However, in the United States, contrary to the general trend, the average cost of an incident continues to rise, reaching 10.22 million USD in 2025, compared to 9.36 million USD in 2024.

According to estimates by the American company Cybersecurity Ventures, the damage caused by cybercrime totaled 9.5 trillion USD in 2024, compared to 3 trillion USD in 2015. On this basis, with an average annual increase of 10%, annual losses are poised to reach 10.5 trillion USD in 2025.

For the International Monetary Fund (IMF), the intensification of cyber risks is directly linked to the increasing dependence of businesses and individuals on digital platforms. This phenomenon generates colossal economic costs that could affect macro-financial stability on a global scale.

According to the IMF, failure to address digital vulnerabilities could result in cumulative losses of 23 trillion USD by 2027. This estimate includes direct losses (ransomware, data theft, embezzlement, fraud, etc.) and indirect costs (reputational damage, legal fees, regulatory fines, etc.).

Cyberattacks: the biggest claim of 2025

The cost of the five-week shutdown of Jaguar Land Rover's factories in the UK amounted to more than 2 billion EUR (2.2 billion USD). In addition to the Jaguar Land Rover factories themselves, the loss that occurred at the end of August 2025 indirectly affected 5 000 other companies, leading to a contraction in GDP in September.

The figure of 2.2 billion USD pertains solely to the carmaker's direct financial losses; it does not include the financial impact on subcontractors and the UK economy.

Faced with this situation, the UK government was forced to grant an emergency loan of 1.7 billion EUR (2 billion USD) to Jaguar Land Rover to preserve jobs in the manufacturer's factories and supply chain.

The main types of cyber threats in 2025

Vulnerabilities are constantly evolving. Below are the most common digital breaches recorded in 2025:

• Phishing 2.0

This is an AI-powered attack. It involves impersonating a person or organization via email or text message to trick the victim into disclosing sensitive information or clicking on a malicious link.

• Ransomware-as-a-Service (RaaS)

Ransomware blocks access to communication tools and/or encrypts user data with a view to extorting a ransom. With the RaaS model, cybercriminals can easily access malware for rent from internet platforms, leading to a sharp increase in attacks of this type.

• Supply Chain Attacks

Cyberattacks targeting third-party suppliers and service providers, the most feared vectors of intrusion for companies, have exploded in recent years. By infiltrating a trusted partner, hackers can simultaneously reach multiple targets, amplifying the impact of the attack.

Attacks on enterprise AI models

The widespread integration of artificial intelligence into operational processes has paved the wayfor new attack vectors. Techniques such as “model inversion” or “prompt injection” allow cybercriminals to extract sensitive data or manipulate internal AI models for malicious purposes.

Distributed denial-of-service attacks (DDoS)

Denial-of-service attacks are designed to cause failure or interruption by saturating a company's IT system. The Internet of Things (IoT) has amplified this threat by enabling longer, more massive, better-targeted attacks from multiple sources, as substantiated by recent attacks on critical European infrastructure. The energy, e-health, and banking sectors were particularly targeted in 2025.

CEO fraud or deepfake

In this type of scam, known as “CEO fraud,” the scammer poses as a company executive with a view to tricking an employee into disclosing confidential information or performing an action, such as transferring money to a fake recipient. In 2025, the “CEO” scam has geared up thanks to AI, with artificially generated videos and voice calls.

Cybersecurity market challenges

The cybersecurity market faces significant challenges that are amplified by the increased exposure of companies and public bodies to digital risks and the sophistication of attacks.

These include:

• The use of generative artificial intelligence: AI is certainly used to detect and counter attacks, but it can also be harnessed by cybercriminals to develop new threats such as more credible phishing campaigns, more sophisticated malware, and deepfakes.
• The cybersecurity skills gap: since 2023, demand for skills has far exceeded supply, despite a 12.6% growth in the specialized workforce. A shortage of four million cybersecurity professionals was recorded in 2024. At the current rate of training, this shortage could reach 85 million by 2030.
• Unsafe human behavior: The training gap and lack of technical skills expose organizations to internal errors which result in many incidents.
• Unequal levels of preparedness for cyberattacks: There is a significant gap between companies with reliable infrastructure and advanced cybersecurity strategies and those that struggle to protect themselves effectively.
• Upgrading technologies and processes: due to a lack of skills, many companies are finding it difficult to modernize their systems, a shortcoming that compromises their ability to deal with cyber threats.

Cyber market outlook

Solutions are designed to counter cyber threats, generally revolving around training and organization.

• By 2028, generative AI is poised to help offset the skills gap and reduce the level of knowledge required for 50% of entry-level positions,
• Security Orchestration, Automation and Response (SOAR) are two technologies that allow automatic detection, analysis, and response to threats, thereby reducing response time,
• Strict enforcement of regulations and compliance with security standards are also among the measures to strengthen cyber risk management. In this area, numerous pieces of legislation have been adopted, including:
  • the European Network and Information Security Directive (NIS2) adopted in 2022,
  • the European Union's General Data Protection Regulation (GDPR), in force since 2018,
  • the California Consumer Privacy Act (CCPA), adopted in 2020,
  • the Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996 and designed to protect the personal information of American patients,
• Organizing training and awareness sessions for employees on cyber incidents
• Strengthening emergency plans and cyber risk management
• Securing connected devices (IoT)

The development of the cyber insurance market

Against a backdrop of increasing and higher sophisticated digital risks, the cyber insurance market is likely to continue growing. Premiums written in 2024, amounting to 15.3 billion USD, are expected to reach 16.3 billion USD in 2025.

According to Munich Re, with an average annual growth rate of 10%, the cyber market is poised to reach 32.4 billion USD by 2030.

Although it is one of the most dynamic segments, cyber insurance currently accounts for less than 1% of global property and casualty insurance premiums.