Latest News
March 24, 2026 | Research
Cyber incidents for the year 2025 in numbers
The AV-TEST team monitored and analyzed the latest developments in cyber incidents in Europe and adjacent regions over the course of 2025. The current annual report highlights a changing threat landscape in which the targets of the attacks are increasingly becoming more sophisticated. In addition to the continuing threat posed by ransomware in economically advanced nations, the data clearly shows a concentration of DDoS (distributed denial of service) attacks in geopolitical hotspots. The challenges that enterprises and institutions face due to this trend are growing increasingly complex. And mitigating the impact requires an adaptation to their security strategies.
Distribution of cyberattacks:
a three-year comparison of the development of DDoS and ransomware attacks (2023–2025)
Cyber incidents reported by AV-TEST are based on extensive monitoring across the public Internet and dark web sources. It is important to note that these findings may not fully capture the entire spectrum of incidents that have occurred.
AV-TEST observed a continually high volume of cyberattacks throughout Europe and adjacent regions in 2025. Making up the absolute majority of the malicious activities were distributed denial of service (DDoS) and ransomware attacks. Analysis of the telemetry data indicates 4,658 DDoS attacks and 1,119 ransomware attacks in this period. DDoS attacks have now stabilized at a level that is still extremely high and ransomware attacks have continued the growth observed in previous years in a steady and linear fashion.
These figures underscore the ongoing threat of high-volume disruption attacks on the surrounding geopolitical area, as well as the steady increase in targeted, financially motivated blackmailing campaigns in economies of the Western world.