Legacy security measures are no longer enough, according to the sixth annual Microsoft Digital Defense Report, which covers from July 2024 through June 2025. Needed are defences that use AI and collaboration across industries and governments to keep pace with the threat. Simple steps the firm advises such as using strong security tools—especially phishing-resistant multi-factor authentication (MFA)—makes a big difference, as MFA can block over 99 per cent of identity-based attacks.
As for the threat landscape, the tech firm says that ‘the breadth and scale of Chinese targeting operations continue to stand out from other nation-state actors’, with ’emphasis on espionage and the collection of proprietary information’. Also covered in the study are Iran, Russia (‘still focused on Ukraine’), and North Korea (the report speaks of an ‘IT worker problem’ whereby ‘North Korea has remotely stealthily embedded tens of thousands of workers at organizations around the world in a trend that is quickly accelerating’). While cyber criminals are the biggest cyber threat by volume, nation-state actors still target key industries and regions. The United States was by far the country where Microsoft customers were in percentage terms most frequently impacted by cyber threats in the first half of 2025; next came the UK, and then Israel, Germany and Ukraine.
Averted ‘catastrophe’
The report pointed to a ‘narrowly averted catastrophe’ in February after a global shipping company experienced a ransomware attack, because if the unidentified company’s systems had been taken offline for even a few hours, the cascading effect would have impacted trade. IT and government bodies were the most impacted by cyber threats this year, according to the report, while it added that attacks on sectors such as research and academia, and telecoms, could serve as a launchpad for attacks on others. The report pointed also to ‘infrastructure building’, whereby threat actors might be taking advantage of unmanaged digital assets to stage attacks against other targets, downstream. The firm says it has seen a big rise in campaigns aimed at disrupting customers’ Azure cloud data, whether through ransomware or mass deletion.
AI, quantum
As for artificial intelligence, the report suggests that the AI threat landscape is ‘diverse and rapidly evolving’. For one thing, ‘as AI adoption accelerates, so does AI’s access to sensitive data’. Cyber attacks can be augmented using AI and besides attackers can make direct attacks on AI systems. On the other hand, ‘AI can detect vulnerabilities, automate patching, and improve threat intelligence’. And as for quantum computing, the report says that it has ‘vast economic potential, but if used by malicious actors, it could threaten the encryption of sensitive data’.
Blog
Meanwhile, Amy Hogan-Burney, Corporate Vice President, Customer Security and Trust at Microsoft has blogged that in 80 per cent of the cyber incidents that the company’s security teams investigated last year, attackers sought to steal data; ‘a trend driven more by financial gain than intelligence gathering’. More than half of cyberattacks with known motives were driven by extortion or ransomware, she added.
More reading
The report sums up that the daily threats remain the same; ‘opportunistic threat actors targeting known security gaps’. For the full 80-page report, visit https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/.
