
Cyberattacks aren’t slowing down; they’re accelerating.
Microsoft now processes over 100 trillion security signals every single day, and what those signals reveal is clear: cybercrime has become faster, more automated, and overwhelmingly profit-driven.
In the Microsoft Digital Defence Report 2025, one stat stands out above the rest:
Over 50% of all cyberattacks are now driven by extortion and ransomware. For organisations already stretched thin, this isn’t just another annual report; it’s a warning. Here are the five key takeaways IT leaders actually need to know, without reading 100+ pages.
Cybercrime has professionalised.
The report shows that extortion and ransomware account for more than half of all attacks, while traditional espionage makes up just a fraction. Criminal groups now operate with:
This “cybercrime supply chain” means attackers no longer need advanced skills; they can buy access and launch attacks at scale.
Why it matters: Defence strategies built for occasional threats can’t keep up with an industrialised attack economy.
Despite advances in security tooling, identity remains the most common entry point. Microsoft’s telemetry shows that identity compromise underpins most successful breaches, driven by phishing, credential theft, and MFA fatigue attacks. The report also highlights that phishing-resistant MFA can block over 99% of identity attacks, yet many organisations still rely on weaker controls.
Why it matters: If attackers control identity, they control the environment: cloud, SaaS, and on-prem alike.
AI is no longer theoretical in cybercrime. Microsoft observed that AI-generated phishing campaigns are up to 4.5x more effective than traditional lures, using:
Attackers are using AI to remove friction and scale faster than ever before.
Why it matters: Security teams can’t rely on manual detection or periodic reviews when attackers are automating at speed.
Cloud-focused attacks are rising fast, with destructive cloud incidents increasing by 87%. At the same time, access brokers and third-party compromises mean organisations are increasingly breached indirectly, via suppliers, MSPs, or misconfigured cloud services. The report reinforces that attackers don’t distinguish between “core” systems and third parties; they target whatever gets them access fastest.
Why it matters: Security strategies must extend beyond the perimeter and into cloud posture, identity trust, and supplier risk.
Perhaps the clearest message in the report is this: traditional, static security approaches are no longer sufficient. With billions of identity signals, millions of malware attempts, and constant exposure changes, attackers are exploiting the gaps between audits, scans, and annual tests.
Why it matters: Cyber risk is continuous; validation and monitoring must be too.
The Microsoft Digital Defence Report 2025 makes one thing clear:
Modern cyber risk isn’t about whether controls exist; it’s about whether they hold up at speed.
For IT leaders without the time to read the full report, the priority is simple: