Government Sector Remains Top Cybercrime Target, Accounting for 19% of High-Severity Incidents in 2025

In a revealing analysis of the cybersecurity landscape, Kaspersky Security Services’ report, Anatomy of a Cyber World, indicates that the government sector has once again emerged as the most targeted sector for cyberattacks, accounting for 19% of all high-severity incidents in 2025. This marks the second consecutive year that government entities have topped the list, followed closely by the industrial sector at 17% and the IT sector at 15%. The finance sector has been displaced from the top three, highlighting a shift in the focus of cybercriminals.

Insights from the Kaspersky Report

The Anatomy of a Cyber World report synthesizes incident statistics from various Kaspersky services, including Managed Detection and Response, Incident Response, Compromise Assessment, and SOC Consulting. It provides a comprehensive overview of the tactics, techniques, and tools employed by attackers, along with the characteristics of detected incidents across different regions and industries.

The report underscores the increasing sophistication of cyber threats, particularly within the government sector. Advanced Persistent Threats (APTs) accounted for 33.3% of incidents, revealing a trend where adversaries continuously evolve their tactics to circumvent automated defenses. Additionally, 18.9% of government organizations reported incidents of social engineering attacks, emphasizing the critical role employees play as potential entry points for cyber threats.

The Dual Vulnerability of Government Entities

The dual threat posed by both APTs and social engineering campaigns necessitates a robust approach to cybersecurity. Strengthening organizational resilience is crucial. Implementing measures such as role-based access control and privilege limitation can significantly mitigate the risks associated with compromised accounts, especially in large, distributed government environments.

Industrial Sector: A Diverse Threat Landscape

The industrial sector presents a different yet equally alarming profile. Threats in this domain are distributed relatively uniformly, with APT-driven incidents comprising 17.8%, malware at 14.9%, and social engineering at 13.9%. This distribution indicates that industrial organizations attract a diverse array of adversaries with varying capabilities and objectives. Notably, confirmed cyber exercises, such as red teaming, accounted for 22.8% of incidents in this sector, the highest among the top three industries. This reflects a growing investment in proactive security validation within industrial organizations.

IT Sector: A Prime Target for APTs

The IT sector exhibits a markedly different pattern, with 41% of incidents attributed to human-driven APT attacks, the highest rate across all sectors. This indicates that IT organizations are prime targets for sophisticated threat actors aiming to exploit trusted relationships and extend their impact through supply chains. APT traces were identified in an additional 17% of cases, while social engineering accounted for 11%. In contrast, red teaming represented only 9% of IT incidents, suggesting that proactive security testing is underutilized relative to the actual threat exposure faced by the sector.

Finance Sector: A Shift in Focus

Interestingly, the finance sector has been displaced from the top three targeted industries. The report indicates that red teaming in this sector accounts for 36.1% of incidents, reflecting a mature, compliance-driven approach to proactive defense. In contrast, confirmed APT activity remains comparatively low at 11.5%. This trend suggests that sustained investment in security assessments can enhance a company’s ability to identify vulnerabilities early, thereby avoiding costly breaches and minimizing potential damage to reputation and operations.

Strategic Implications for Organizations

Cybersecurity experts emphasize that government, industrial, and IT organizations consistently attract sophisticated adversaries due to the strategic value of their assets, which include geopolitical intelligence, critical infrastructure, and global supply chains. The 2025 data confirms that these attacks are not merely opportunistic; they are targeted and often aimed at establishing persistent access. Organizations in these sectors must operate under the assumption that determined attackers will find a way in, focusing their defenses on early detection, rapid containment, and minimizing exposure windows.

To bolster defenses against human-driven attacks, Kaspersky recommends several strategies:

1. Enhance Security Controls: Organizations should augment existing security measures with human-led detection services, such as Kaspersky Managed Detection and Response (MDR), which offers comprehensive analysis of security incidents and 24/7 monitoring throughout the incident management cycle.
2. Align Internal Processes: Adapting internal processes and technologies to align with the evolving threat landscape is essential. Kaspersky SOC Consulting can assist organizations in building an in-house Security Operations Center (SOC) or enhancing existing capabilities.
3. Utilize Centralized Solutions: Implementing centralized and automated solutions, such as Kaspersky Next XDR Expert, can provide comprehensive protection for all assets. By aggregating and correlating data from multiple sources, this solution leverages machine learning technologies for effective threat detection and rapid automated response.

In conclusion, the findings from Kaspersky’s report underscore the pressing need for organizations across various sectors to adopt a proactive and multifaceted approach to cybersecurity. As cyber threats continue to evolve, the importance of early detection, continuous monitoring, and regular assessments cannot be overstated.

Source: securitymea.com

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.